| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8e4e3a564b652a1dd402873fbf3d320c8fdc41f8.camel@redhat.com> Date: Wed, 14 May 2025 20:19:03 -0400 From: mlevitsk@...hat.com To: Sean Christopherson <seanjc@...gle.com> Cc: kvm@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Paolo Bonzini <pbonzini@...hat.com>, x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [PATCH 3/3] x86: KVM: VMX: preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while in the guest mode On Thu, 2025-05-08 at 06:35 -0700, Sean Christopherson wrote: > On Wed, May 07, 2025, Sean Christopherson wrote: > > On Thu, May 01, 2025, mlevitsk@...hat.com wrote: > > > Any ideas on how to solve this then? Since currently its the common code that > > > reads the current value of the MSR_IA32_DEBUGCTLMSR and it doesn't leave any > > > indication about if it changed I can do either > > > > > > 1. store old value as well, something like 'vcpu->arch.host_debugctl_old' Ugly IMHO. > > > > > > 2. add DEBUG_CTL to the set of the 'dirty' registers, e.g add new bit for kvm_register_mark_dirty > > > It looks a bit overkill to me > > > > > > 3. Add new x86 callback for something like .sync_debugctl(). I vote for this option. > > > > > > What do you think/prefer? > > > > I was going to say #3 as well, but I think I have a better idea. > > > > DR6 has a similar problem; the guest's value needs to be loaded into hardware, > > but only somewhat rarely, and more importantly, never on a fastpath reentry. > > > > Forced immediate exits also have a similar need: some control logic in common x86 > > needs instruct kvm_x86_ops.vcpu_run() to do something. > > > > Unless I've misread the DEBUGCTLMSR situation, in all cases, common x86 only needs > > to a single flag to tell vendor code to do something. The payload for that action > > is already available. > > > > So rather than add a bunch of kvm_x86_ops hooks that are only called immediately > > before kvm_x86_ops.vcpu_run(), expand @req_immediate_exit into a bitmap of flags > > to communicate what works needs to be done, without having to resort to a field > > in kvm_vcpu_arch that isn't actually persistent. > > > > The attached patches are relatively lightly tested, but the DR6 tests from the > > recent bug[*] pass, so hopefully they're correct? > > > > The downside with this approach is that it would be difficult to backport to LTS > > kernels, but given how long this has been a problem, I'm not super concerned about > > optimizing for backports. > > > > If they look ok, feel free to include them in the next version. Or I can post > > them separately if you want. > > And of course I forgot to attach the patches... There is one problem with this approach though: the common x86 code will still have to decide if to set KVM_RUN_LOAD_DEBUGCTL flag. Checking that DEBUGCTLMSR_FREEZE_IN_SMM bit of 'vcpu->arch.host_debugctl' changed is VMX specific, because AMD doesn't have this bit, and it might even in the future have a different bit at that position for different purpose. I can set the KVM_RUN_LOAD_DEBUGCTL when any bit in DEBUGCTL changes instead, which should still be rare and then SVM code can ignore the KVM_RUN_LOAD_DEBUGCTL, while VMX code will reload the VMCS field. Is this OK? Best regards, Maxim Levitsky
Powered by blists - more mailing lists