| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <byqww7zx55qgtbauqmrqzyz4vwcwojhxguqskv4oezmish6vub@iwe62secbobm>
Date: Tue, 30 Sep 2025 15:31:31 +0000
From: Yosry Ahmed <yosry.ahmed@...ux.dev>
To: Jim Mattson <jmattson@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Sean Christopherson <seanjc@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Tom Lendacky <thomas.lendacky@....com>, Manali Shukla <manali.shukla@....com>,
Sohil Mehta <sohil.mehta@...el.com>, "Xin Li (Intel)" <xin@...or.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: Advertise EferLmsleUnsupported to userspace
On Thu, Sep 25, 2025 at 01:29:18PM -0700, Jim Mattson wrote:
> CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
> bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
> set, EFER.LMLSE is unsupported. KVM has never supported EFER.LMSLE, so
> it cannot support a 0-setting of this bit.
>
> Set the bit in KVM_GET_SUPPORTED_CPUID to advertise the unavailability
> of EFER.LMSLE to userspace.
It seems like KVM allows setting EFER.LMSLE when nested SVM is enabled:
https://elixir.bootlin.com/linux/v6.17/source/arch/x86/kvm/svm/svm.c#L5354
It goes back to commit eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be
set with nested svm"), the commit log says it was needed for the SLES11
version of Xen 4.0 to boot with nested SVM. Maybe that's no longer the
case.
Should KVM advertise EferLmsleUnsupported if it allows setting
EFER.LMSLE in some cases?
>
> Signed-off-by: Jim Mattson <jmattson@...gle.com>
> ---
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kvm/cpuid.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 751ca35386b0..f9b593721917 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -338,6 +338,7 @@
> #define X86_FEATURE_AMD_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
> #define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
> #define X86_FEATURE_AMD_IBRS_SAME_MODE (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
> +#define X86_FEATURE_EFER_LMSLE_MBZ (13*32+20) /* EFER.LMSLE must be zero */
> #define X86_FEATURE_AMD_PPIN (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
> #define X86_FEATURE_AMD_SSBD (13*32+24) /* Speculative Store Bypass Disable */
> #define X86_FEATURE_VIRT_SSBD (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index e2836a255b16..e0426e057774 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
> F(AMD_STIBP),
> F(AMD_STIBP_ALWAYS_ON),
> F(AMD_IBRS_SAME_MODE),
> + EMULATED_F(EFER_LMSLE_MBZ),
> F(AMD_PSFD),
> F(AMD_IBPB_RET),
> );
> --
> 2.51.0.570.gb178f27e6d-goog
>
Powered by blists - more mailing lists