| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aV1bC3Wk-LbP1hUZ@google.com> Date: Tue, 6 Jan 2026 10:57:15 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Andrew Cooper <andrew.cooper3@...rix.com> Cc: chengkev@...gle.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, pbonzini@...hat.com, yosry.ahmed@...ux.dev Subject: Re: [PATCH 2/2] KVM: SVM: Raise #UD if VMMCALL instruction is not intercepted On Tue, Jan 06, 2026, Andrew Cooper wrote: > > Mentioning L2 and L1 is confusing. It reads like arbitrary KVM behavior. And > > IMO the most notable thing is what's missing: an intercept check. _That_ is > > worth commenting, e.g. > > > > /* > > * VMMCALL #UDs if it's not intercepted, and KVM reaches this point if > > * and only if the VMCALL intercept is not set in vmcb12. > > */ > > Not intercepting VMMCALL is stated to be an unconditional VMRUN > failure. APM Vol3 15.5 Canonicalization and Consistency Checks. Hrm, I can't find that. I see: The VMRUN intercept bit is clear. but I don't see anything about VMMCALL being a mandatory intercept. > > The "VMMCALL was not intercepted" condition is probably what the > pipeline really checks, but really it means "in root mode". > > In most nested virt scenarios, L1 knows it's in a VM and can use VMMCALL > for host facilities. > > ~Andrew
Powered by blists - more mailing lists