lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250610232010.162191-1-seanjc@google.com>
Date: Tue, 10 Jun 2025 16:20:02 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Adrian Hunter <adrian.hunter@...el.com>, Maxim Levitsky <mlevitsk@...hat.com>
Subject: [PATCH v6 0/8] KVM: VMX: Preserve host's DEBUGCTL.FREEZE_IN_SMM

Preserve the host's FREEZE_IN_SMM setting by stuffing GUEST_DEBUGCTL, so that
SMM activity doesn't bleed into PMU events while running the guest.

Along the way, enforce the supported set of DEBUGCTL bits when processing
vmcs12.GUEST_DEBUGCTL, as KVM can't rely on hardware to reject an MSR value
that is supported in hardware.

To minimize the probability of the nVMX fix breaking existing setups, allow
the guest to use DEBUGCTL.RTM_DEBUG if RTM is exposed to the guest.

v6:
 - WARN in tdx_vcpu_run() if KVM requests DR6 load.
 - Ignore unsupported-but-suppressed DEBUGCTL bits when doing consistency
   check on vmcs12.
 - Add support for DEBUGCTL.RTM_DEBUG.
 - Use accessors in all paths.
 - Add a dedicated vmx_reload_guest_debugctl().

v5: https://lore.kernel.org/all/20250522005555.55705-1-mlevitsk@redhat.com

Maxim Levitsky (3):
  KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
  KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
  KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the
    guest

Sean Christopherson (5):
  KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's
    DEBUGCTL
  KVM: x86: Convert vcpu_run()'s immediate exit param into a generic
    bitmap
  KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag
  KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported
  KVM: VMX: Extract checking of guest's DEBUGCTL into helper

 arch/x86/include/asm/kvm-x86-ops.h |  1 -
 arch/x86/include/asm/kvm_host.h    | 15 ++++++--
 arch/x86/include/asm/msr-index.h   |  1 +
 arch/x86/kvm/svm/svm.c             | 14 ++++----
 arch/x86/kvm/vmx/common.h          |  2 --
 arch/x86/kvm/vmx/main.c            | 17 +++------
 arch/x86/kvm/vmx/nested.c          | 21 ++++++++---
 arch/x86/kvm/vmx/pmu_intel.c       |  8 ++---
 arch/x86/kvm/vmx/tdx.c             | 24 ++++++-------
 arch/x86/kvm/vmx/vmx.c             | 57 ++++++++++++++++++------------
 arch/x86/kvm/vmx/vmx.h             | 26 ++++++++++++++
 arch/x86/kvm/vmx/x86_ops.h         |  4 +--
 arch/x86/kvm/x86.c                 | 25 ++++++++++---
 13 files changed, 140 insertions(+), 75 deletions(-)


base-commit: 61374cc145f4a56377eaf87c7409a97ec7a34041
-- 
2.50.0.rc0.642.g800a2b2222-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ