Message-ID: <9C6BF34C-AF88-4E57-8449-886CEC1B4F21@nutanix.com>
Date: Tue, 23 Dec 2025 04:15:59 +0000
From: Jon Kohler <jon@...anix.com>
To: Sean Christopherson <seanjc@...gle.com>
CC: "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "tglx@...utronix.de"
	<tglx@...utronix.de>,
        "mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de"
	<bp@...en8.de>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 16/18] KVM: nVMX: Setup Intel MBEC in nested secondary
 controls



> On May 12, 2025, at 5:32 PM, Sean Christopherson <seanjc@...gle.com> wrote:
> 
> On Thu, Mar 13, 2025, Jon Kohler wrote:
>> Setup Intel Mode Based Execution Control (bit 22) for nested
>> guest, gated on module parameter enablement.
> 
> *This* is the enablement patch.  And it's not doing "Setup", it's advertising
> SECONDARY_EXEC_MODE_BASED_EPT_EXEC to userspace and allowing userspace to expose
> and advertise the feature to the guest.

Right you are! Thanks for the feedback on this bit; this was critical, as I was
able to really simplify a lot of the series by focusing on this one bit. I’ve
made the commit log more verbose in v1, and moved both the L2 enablement (this
stuff) as well as the MMU enablement to this same corner of the world. Much
cleaner overall.

>> Signed-off-by: Jon Kohler <jon@...anix.com>
>> 
>> ---
>> arch/x86/kvm/vmx/nested.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>> 
>> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
>> index 931a7361c30f..ce3a6d6dfce7 100644
>> --- a/arch/x86/kvm/vmx/nested.c
>> +++ b/arch/x86/kvm/vmx/nested.c
>> @@ -7099,6 +7099,10 @@ static void nested_vmx_setup_secondary_ctls(u32 ept_caps,
>> */
>> if (cpu_has_vmx_vmfunc())
>> msrs->vmfunc_controls = VMX_VMFUNC_EPTP_SWITCHING;
>> +
>> + if (enable_pt_guest_exec_control)
>> + msrs->secondary_ctls_high |=
>> + SECONDARY_EXEC_MODE_BASED_EPT_EXEC;
> 
> Land this above the VMFUNC stuff so that more of the secondary_ctls_high code is
> clumped together.

Ack/done. 

>> }
>> 
>> /*
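
Review bot: The added `if (enable_pt_guest_exec_control)` gates the advertised bit on the module parameter alone, while the VMFUNC assignment just above it is gated on a hardware capability check (`cpu_has_vmx_vmfunc()`). Nothing in this hunk shows that `enable_pt_guest_exec_control` is cleared when the host CPU lacks mode-based execute control, so as written it is not evident that `SECONDARY_EXEC_MODE_BASED_EPT_EXEC` is only set in `msrs->secondary_ctls_high` when L0 can actually back it. If the parameter is forced off elsewhere on unsupported hardware, a one-line comment here saying so would make that dependency reviewable; if it is not, the condition should also test the hardware capability. The new block also has no comment stating that it advertises the control to userspace for nested guests, which the surrounding code in this function would benefit from.
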
>> -- 
>> 2.43.0
>> 
> 
