lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c0e5cd9b-6bdd-4f42-9d1b-d61a8f52f4b8@intel.com>
Date: Wed, 10 Sep 2025 17:22:15 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Chao Gao <chao.gao@...el.com>, kvm@...r.kernel.org,
 linux-kernel@...r.kernel.org
Cc: acme@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
 hpa@...or.com, john.allen@....com, mingo@...nel.org, mingo@...hat.com,
 minipli@...ecurity.net, mlevitsk@...hat.com, namhyung@...nel.org,
 pbonzini@...hat.com, prsampat@....com, rick.p.edgecombe@...el.com,
 seanjc@...gle.com, shuah@...nel.org, tglx@...utronix.de,
 weijiang.yang@...el.com, x86@...nel.org, xin@...or.com
Subject: Re: [PATCH v14 03/22] KVM: x86: Check XSS validity against guest
 CPUIDs

On 9/9/2025 5:39 PM, Chao Gao wrote:
> Maintain per-guest valid XSS bits and check XSS validity against them
> rather than against KVM capabilities. This is to prevent bits that are
> supported by KVM but not supported for a guest from being set.
> 
> Opportunistically return KVM_MSR_RET_UNSUPPORTED on IA32_XSS MSR accesses
> if guest CPUID doesn't enumerate X86_FEATURE_XSAVES. Since
> KVM_MSR_RET_UNSUPPORTED takes care of host_initiated cases, drop the
> host_initiated check.
> 
> Signed-off-by: Chao Gao <chao.gao@...el.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@...el.com>

<snip>
> @@ -4011,15 +4011,14 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
>   		}
>   		break;
>   	case MSR_IA32_XSS:
> -		if (!msr_info->host_initiated &&
> -		    !guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
> -			return 1;
> +		if (!guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))
> +			return KVM_MSR_RET_UNSUPPORTED;
>   		/*
>   		 * KVM supports exposing PT to the guest, but does not support
>   		 * IA32_XSS[bit 8]. Guests have to use RDMSR/WRMSR rather than
>   		 * XSAVES/XRSTORS to save/restore PT MSRs.
>   		 */

Not an issue of this patch, there seems not the proper place to put 
above comment.
> -		if (data & ~kvm_caps.supported_xss)
> +		if (data & ~vcpu->arch.guest_supported_xss)
>   			return 1;
>   		vcpu->arch.ia32_xss = data;
>   		vcpu->arch.cpuid_dynamic_bits_dirty = true;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ