lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <176097600449.438961.7346944615480363146.b4-ty@google.com>
Date: Mon, 20 Oct 2025 09:33:11 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/9] KVM: VMX: EPTP cleanups and nVMX fixes

On Thu, 18 Sep 2025 17:59:46 -0700, Sean Christopherson wrote:
> This started as a trivial series to cleanup KVM's handling of EPTPs in
> anticipation of eliding TLB flushes on task migration[*], but then I made the
> mistake of trying to test the nested_early_check change, and things snowballed.
> 
> Long story short, nested_early_check is obviously not being used as it's been
> broken for years, and it's not adding value.  E.g. doesn't help us find KVM
> bugs, and doesn't provide any meaningful protection for KVM (especially since
> no one is using it).
> 
> [...]

Applied to kvm-x86 vmx, thanks!

[1/9] KVM: VMX: Hoist construct_eptp() "up" in vmx.c
      https://github.com/kvm-x86/linux/commit/f48888bb8ad1
[2/9] KVM: nVMX: Hardcode dummy EPTP used for early nested consistency checks
      https://github.com/kvm-x86/linux/commit/a8749281e4c6
[3/9] KVM: x86/mmu: Move "dummy root" helpers to spte.h
      https://github.com/kvm-x86/linux/commit/a10f5cc3ac9b
[4/9] KVM: VMX: Use kvm_mmu_page role to construct EPTP, not current vCPU state
      https://github.com/kvm-x86/linux/commit/2f723a863423
[5/9] KVM: nVMX: Add consistency check for TPR_THRESHOLD[31:4]!=0 without VID
      https://github.com/kvm-x86/linux/commit/15fe455dd1a0
[6/9] KVM: nVMX: Add consistency check for TSC_MULTIPLIER=0
      https://github.com/kvm-x86/linux/commit/ae8e6ad84177
[7/9] KVM: nVMX: Stuff vmcs02.TSC_MULTIPLIER early on for nested early checks
      https://github.com/kvm-x86/linux/commit/f91699d5692d
[8/9] KVM: nVMX: Remove support for "early" consistency checks via hardware
      https://github.com/kvm-x86/linux/commit/a175da6d430e
[9/9] KVM: nVMX: Add an off-by-default module param to WARN on missed consistency checks
      https://github.com/kvm-x86/linux/commit/1100e4910ad2

--
https://github.com/kvm-x86/linux/tree/next

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ