Message-ID: <20251113231420.1695919-1-seanjc@google.com>
Date: Thu, 13 Nov 2025 15:14:15 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/5] KVM: SVM: Fix and clean up OSVW handling

Fix a long-standing bug where KVM could clobber its OS-visible workarounds
handling (not that anyone would notice), and then clean up the code to make
it easier to understand and maintain (I didn't even know what "osvw" stood for
until I ran into this code when trying to move actual SVM pieces of
svm_enable_virtualization_cpu() out of KVM (for TDX purposes)).

Tested by running in a VM and generating unique per-vCPU MSR values in the
host (see below), and verifying KVM ended up with the right values.

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c9c2aa6f4705..d8b8eff733d8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4631,12 +4631,20 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
        case MSR_AMD64_OSVW_ID_LENGTH:
                if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW))
                        return 1;
+
+               if (vcpu->vcpu_idx == 64)
+                       return 1;
+
                msr_info->data = vcpu->arch.osvw.length;
+               if (vcpu->vcpu_idx < 64)
+                       msr_info->data = max(vcpu->vcpu_idx, 8);
                break;
        case MSR_AMD64_OSVW_STATUS:
                if (!guest_cpu_cap_has(vcpu, X86_FEATURE_OSVW))
                        return 1;
                msr_info->data = vcpu->arch.osvw.status;
+               if (vcpu->vcpu_idx < 64)
+                       msr_info->data |= BIT_ULL(vcpu->vcpu_idx);
                break;
        case MSR_PLATFORM_INFO:
                if (!msr_info->host_initiated &&
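
Review bot: The test-only additions under MSR_AMD64_OSVW_ID_LENGTH and MSR_AMD64_OSVW_STATUS have no comment explaining the magic numbers, so a reader has to infer that vcpu_idx == 64 exists to make the read fail (return 1), and that vcpu_idx < 64 gets a synthetic length of max(vcpu->vcpu_idx, 8) plus an extra BIT_ULL(vcpu->vcpu_idx) status bit. Since the cover letter points at this hunk as the test method, and it touches arch/x86/kvm/x86.c while the diffstat covers only arch/x86/kvm/svm/svm.c, a one-line comment per branch and a note that this is a host-side test hack rather than part of the series would make the test easier to reproduce. In the length case the store from vcpu->arch.osvw.length is immediately overwritten for vcpu_idx < 64; an if/else would make it explicit that only vCPUs with an index above 64 see the real value.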

Sean Christopherson (5):
  KVM: SVM: Serialize updates to global OS-Visible Workarounds variables
  KVM: SVM: Skip OSVW MSR reads if KVM is treating all errata as present
  KVM: SVM: Extract OS-visible workarounds setup to helper function
  KVM: SVM: Skip OSVW variable updates if current CPU's errata are a
    subset
  KVM: SVM: Skip OSVW MSR reads if current CPU doesn't support the
    feature

 arch/x86/kvm/svm/svm.c | 72 ++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 28 deletions(-)


base-commit: 16ec4fb4ac95d878b879192d280db2baeec43272
-- 
2.52.0.rc1.455.g30608eb744-goog

