| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aWEUTQeNXugBYAZA@google.com> Date: Fri, 9 Jan 2026 06:44:29 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Xiaoyao Li <xiaoyao.li@...el.com> Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, Chao Gao <chao.gao@...el.com>, Xin Li <xin@...or.com>, Yosry Ahmed <yosry.ahmed@...ux.dev> Subject: Re: [PATCH v3 3/4] KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware" On Fri, Jan 09, 2026, Xiaoyao Li wrote: > On 1/9/2026 12:15 PM, Sean Christopherson wrote: > > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c > > index 61113ead3d7b..ac7a17560c8f 100644 > > --- a/arch/x86/kvm/vmx/nested.c > > +++ b/arch/x86/kvm/vmx/nested.c > > @@ -111,6 +111,9 @@ static void init_vmcs_shadow_fields(void) > > field <= GUEST_TR_AR_BYTES, > > "Update vmcs12_write_any() to drop reserved bits from AR_BYTES"); > > + if (get_vmcs12_field_offset(field) < 0) > > + continue; > > + > > why shadow_read_only_fields[] doesn't need such guard? > > IIUC, copy_vmcs12_to_shadow() will VMWRITE shadowed readonly field even if > it doesn't exist on the hardware? Because I fixated on the existing checks and didn't look at the first for-loop. This time around I'll test by hacking in shadowed fields arbitrary shadow fields.
Powered by blists - more mailing lists