Open Source and information security mailing list archives
Message-ID: <aMxJ4zQkTFPD0xkq@google.com>
Date: Thu, 18 Sep 2025 11:05:23 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Xin Li <xin@...or.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Tom Lendacky <thomas.lendacky@....com>, Mathias Krause <minipli@...ecurity.net>, 
	John Allen <john.allen@....com>, Rick Edgecombe <rick.p.edgecombe@...el.com>, 
	Chao Gao <chao.gao@...el.com>, Maxim Levitsky <mlevitsk@...hat.com>, 
	Xiaoyao Li <xiaoyao.li@...el.com>, Zhang Yi Z <yi.z.zhang@...ux.intel.com>
Subject: Re: [PATCH v15 21/41] KVM: nVMX: Prepare for enabling CET support for nested guest

On Wed, Sep 17, 2025, Xin Li wrote:
> On 9/12/2025 4:22 PM, Sean Christopherson wrote:
> > diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h
> > index 56fd150a6f24..4ad6b16525b9 100644
> > --- a/arch/x86/kvm/vmx/vmcs12.h
> > +++ b/arch/x86/kvm/vmx/vmcs12.h
> > @@ -117,7 +117,13 @@ struct __packed vmcs12 {
> >   	natural_width host_ia32_sysenter_eip;
> >   	natural_width host_rsp;
> >   	natural_width host_rip;
> > -	natural_width paddingl[8]; /* room for future expansion */
> > +	natural_width host_s_cet;
> > +	natural_width host_ssp;
> > +	natural_width host_ssp_tbl;
> > +	natural_width guest_s_cet;
> > +	natural_width guest_ssp;
> > +	natural_width guest_ssp_tbl;
> > +	natural_width paddingl[2]; /* room for future expansion */
> >   	u32 pin_based_vm_exec_control;
> >   	u32 cpu_based_vm_exec_control;
> >   	u32 exception_bitmap;
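Review bot: the copy of struct vmcs12 carried in Documentation/virt/kvm/x86/nested-vmx.rst is not updated alongside this hunk, so the two definitions diverge as soon as this lands; either update that copy or replace it with a reference to arch/x86/kvm/vmx/vmcs12.h, as proposed later in this thread. Layout-wise the hunk is sound: the six new natural_width fields take six of the eight paddingl slots, paddingl shrinks to [2] and the total size is unchanged, so pin_based_vm_exec_control and everything after it stay where they were. A one-line comment above host_s_cet saying that the CET fields deliberately consume padding to keep the migration layout (and hence VMCS12_REVISION) stable would make that intent explicit to the next person who touches this region.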
> > @@ -294,6 +300,12 @@ static inline void vmx_check_vmcs12_offsets(void)
> >   	CHECK_OFFSET(host_ia32_sysenter_eip, 656);
> >   	CHECK_OFFSET(host_rsp, 664);
> >   	CHECK_OFFSET(host_rip, 672);
> > +	CHECK_OFFSET(host_s_cet, 680);
> > +	CHECK_OFFSET(host_ssp, 688);
> > +	CHECK_OFFSET(host_ssp_tbl, 696);
> > +	CHECK_OFFSET(guest_s_cet, 704);
> > +	CHECK_OFFSET(guest_ssp, 712);
> > +	CHECK_OFFSET(guest_ssp_tbl, 720);
> >   	CHECK_OFFSET(pin_based_vm_exec_control, 744);
> >   	CHECK_OFFSET(cpu_based_vm_exec_control, 748);
> >   	CHECK_OFFSET(exception_bitmap, 752);
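Review bot: the new offsets are consistent with the layout in the first hunk (672 + 8 = 680 for host_s_cet, then 8-byte steps through 720 for guest_ssp_tbl, leaving 728 and 736 for paddingl[2]), and the unchanged CHECK_OFFSET(pin_based_vm_exec_control, 744) immediately after them is the assertion that actually proves nothing later in the struct moved; it would be worth stating in the changelog that this is why VMCS12_REVISION is left alone, since the text in nested-vmx.rst quoted below in this thread still tells readers to bump it whenever struct vmcs12 changes.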
> 
> 
> This patch modifies struct vmcs12 without updating the corresponding vmcs12
> definition in Documentation/virt/kvm/x86/nested-vmx.rst.  However,
> duplicating the definition within the same source tree seems unnecessary
> and prone to inconsistencies.  E.g., the following fields are missing in
> Documentation/virt/kvm/x86/nested-vmx.rst:
> 
> 	...
> 	u64 posted_intr_desc_addr;
> 	...
> 	u64 eoi_exit_bitmap0;
> 	u64 eoi_exit_bitmap1;
> 	u64 eoi_exit_bitmap2;
> 	u64 eoi_exit_bitmap3;
> 	u64 xss_exit_bitmap;
> 	...
> 
> What's more, the 64-bit padding fields are completely messed up; we have
> used 9 u64 after host_ia32_efer:
> 
>         u64 host_ia32_perf_global_ctrl;
>         u64 vmread_bitmap;
>         u64 vmwrite_bitmap;
>         u64 vm_function_control;
>         u64 eptp_list_address;
>         u64 pml_address;
>         u64 encls_exiting_bitmap;
>         u64 tsc_multiplier;
>         u64 padding64[1]; /* room for future expansion */
> 
> 
> But it's 8 u64 after host_ia32_efer in the documentation:
> 
> 	u64 padding64[8]; /* room for future expansion */
> 
> 
> We probably should remove it from Documentation/virt/kvm/x86/nested-vmx.rst
> and instead add a reference to arch/x86/kvm/vmx/vmcs12.h.

Yeah, the paragraph above is also stale, see commit cb9fb5fc12ef ("KVM: nVMX:
Update VMCS12_REVISION comment to state it should never change") (I forgot that
Documentation/virt/kvm/x86/nested-vmx.rst existed).

  For convenience, we repeat the content of struct vmcs12 here. If the internals
  of this structure changes, this can break live migration across KVM versions.
  VMCS12_REVISION (from vmx.c) should be changed if struct vmcs12 or its inner
  struct shadow_vmcs is ever changed.

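The property the CHECK_OFFSET() lines in the hunks enforce, that carving new fields out of padding leaves every pre-existing vmcs12 field at the same offset, is worth seeing as a runnable check, because struct vmcs12 is copied as a blob across live migration and a shifted field is read as garbage by the other KVM version. The following is an added example written for this page, not KVM code: it assumes an 8-byte natural_width (64-bit host), takes the absolute position of host_rip (672) from the hunk's CHECK_OFFSET, and models only the region from host_rip through exception_bitmap. The struct tail_mistake layout is a constructed mistake (padding dropped instead of shrunk) to show what the guard catches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this example (not from KVM): natural_width is 8 bytes, and
 * host_rip sits at absolute offset 672 per the patch's CHECK_OFFSET(host_rip, 672).
 * Each toy struct starts at host_rip, so offsetof() + 672 gives the vmcs12 offset. */
typedef uint64_t natural_width;
#define HOST_RIP_OFFSET 672

/* Layout before the patch: host_rip followed by eight natural_width pads. */
struct __attribute__((packed)) tail_before {
	natural_width host_rip;
	natural_width paddingl[8];
	uint32_t pin_based_vm_exec_control;
	uint32_t cpu_based_vm_exec_control;
	uint32_t exception_bitmap;
};

/* Layout after the patch: six CET fields carved out of the padding. */
struct __attribute__((packed)) tail_after {
	natural_width host_rip;
	natural_width host_s_cet, host_ssp, host_ssp_tbl;
	natural_width guest_s_cet, guest_ssp, guest_ssp_tbl;
	natural_width paddingl[2];
	uint32_t pin_based_vm_exec_control;
	uint32_t cpu_based_vm_exec_control;
	uint32_t exception_bitmap;
};

/* Constructed mistake: the padding is dropped instead of shrunk, so every
 * later field shifts up by 16 bytes and a migrated blob is misread. */
struct __attribute__((packed)) tail_mistake {
	natural_width host_rip;
	natural_width host_s_cet, host_ssp, host_ssp_tbl;
	natural_width guest_s_cet, guest_ssp, guest_ssp_tbl;
	uint32_t pin_based_vm_exec_control;
	uint32_t cpu_based_vm_exec_control;
	uint32_t exception_bitmap;
};

#define ABS_OFFSET(st, field) (HOST_RIP_OFFSET + offsetof(struct st, field))

/* Compile-time checks in the spirit of the patch's CHECK_OFFSET() lines. */
_Static_assert(ABS_OFFSET(tail_before, pin_based_vm_exec_control) == 744, "old layout");
_Static_assert(ABS_OFFSET(tail_after, host_s_cet) == 680, "host_s_cet");
_Static_assert(ABS_OFFSET(tail_after, host_ssp) == 688, "host_ssp");
_Static_assert(ABS_OFFSET(tail_after, host_ssp_tbl) == 696, "host_ssp_tbl");
_Static_assert(ABS_OFFSET(tail_after, guest_s_cet) == 704, "guest_s_cet");
_Static_assert(ABS_OFFSET(tail_after, guest_ssp) == 712, "guest_ssp");
_Static_assert(ABS_OFFSET(tail_after, guest_ssp_tbl) == 720, "guest_ssp_tbl");
_Static_assert(ABS_OFFSET(tail_after, pin_based_vm_exec_control) == 744, "pin_based moved");
_Static_assert(sizeof(struct tail_after) == sizeof(struct tail_before), "size changed");

/* Runtime form of the same guard: compare each pre-existing field's offset in
 * a candidate layout with the old layout, print every move, and return the
 * number of fields that moved (0 means the migration ABI is intact). */
struct field_pos { const char *name; size_t before; size_t candidate; };

static size_t count_moved(const struct field_pos *f, size_t n)
{
	size_t moved = 0;

	for (size_t i = 0; i < n; i++) {
		if (f[i].before != f[i].candidate) {
			printf("  %s moved: %zu -> %zu\n", f[i].name, f[i].before, f[i].candidate);
			moved++;
		}
	}
	return moved;
}

#define CMP(st, field) { #field, ABS_OFFSET(tail_before, field), ABS_OFFSET(st, field) }

size_t moved_fields_after(void)
{
	const struct field_pos f[] = {
		CMP(tail_after, host_rip),
		CMP(tail_after, pin_based_vm_exec_control),
		CMP(tail_after, cpu_based_vm_exec_control),
		CMP(tail_after, exception_bitmap),
	};
	return count_moved(f, sizeof(f) / sizeof(f[0]));
}

size_t moved_fields_mistake(void)
{
	const struct field_pos f[] = {
		CMP(tail_mistake, host_rip),
		CMP(tail_mistake, pin_based_vm_exec_control),
		CMP(tail_mistake, cpu_based_vm_exec_control),
		CMP(tail_mistake, exception_bitmap),
	};
	return count_moved(f, sizeof(f) / sizeof(f[0]));
}

int main(void)
{
	printf("patched layout: %zu field(s) moved\n", moved_fields_after());
	printf("mistaken layout: %zu field(s) moved\n", moved_fields_mistake());
	return 0;
}
```

The static assertions are the part that belongs in a tree like vmcs12.h; the runtime comparison is only there to show the failure mode, since a layout that trips `_Static_assert` never compiles in the first place. For the patched layout no field moves; for the constructed mistake the three fields after the CET block each move up by 16 bytes.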