Message-ID: <20260110004821.3411245-1-yosry.ahmed@linux.dev>
Date: Sat, 10 Jan 2026 00:48:17 +0000
From: Yosry Ahmed <yosry.ahmed@...ux.dev>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Kevin Cheng <chengkev@...gle.com>,
kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Yosry Ahmed <yosry.ahmed@...ux.dev>
Subject: [PATCH 0/4] KVM: nSVM: nested VMSAVE/VMLOAD fixes
A couple of fixes for nested VMLOAD/VMSAVE and a selftest that verifies
correct behavior. The test fails without patch 1.
Patch 4 is a proposed added WARNING, I am not sure if such warnings are
generally acceptable and if that's the correct place for it (hence RFC),
but I think it's useful to WARN if VMSAVE/VMLOAD are neither intercepted
nor virtualized by the CPU, because it means that the guest is directly
accessing host memory with them, a massive security hole.
The warning doesn't fire with or without the fixes, but at some point I
thought there might be such a security bug, and having a warning will
give me some peace of mind.
Yosry Ahmed (4):
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
KVM: SVM: Stop toggling virtual VMSAVE/VMLOAD on intercept recalc
KVM: selftests: Add a selftest for nested VMLOAD/VMSAVE
RFC: KVM: SVM: WARN if VMSAVE/VMLOAD are not intercepted or virtualized
arch/x86/kvm/svm/svm.c | 23 +-
tools/testing/selftests/kvm/Makefile.kvm | 1 +
.../selftests/kvm/include/x86/processor.h | 1 +
.../kvm/x86/nested_vmsave_vmload_test.c | 197 ++++++++++++++++++
4 files changed, 218 insertions(+), 4 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/nested_vmsave_vmload_test.c
--
2.52.0.457.g6b5491de43-goog
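The invariant behind the RFC warning in patch 4, as an added model in C (not KVM code, not part of this series): a guest may run VMSAVE/VMLOAD only if the instructions either exit to the hypervisor or are virtualized by the CPU. The intercept bits, the virt_ext bit, the control struct and the L0/L1 merge rule are all constructed for the example; KVM's real vmcb layout and nesting logic differ.

```c
/* Added example: model of the VMSAVE/VMLOAD safety invariant.
 * Bit positions and the struct are constructed, not KVM's real layout. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ICPT_VMLOAD        (1u << 0)  /* constructed intercept bit */
#define ICPT_VMSAVE        (1u << 1)  /* constructed intercept bit */
#define VIRT_VMLOAD_VMSAVE (1u << 0)  /* constructed: CPU-virtualized VMLOAD/VMSAVE */

struct vmcb_ctl {
    uint32_t intercepts; /* SVM instructions that exit to the hypervisor */
    uint32_t virt_ext;   /* virtualization extensions enabled for the guest */
};

/* The condition the cover letter wants to WARN on: if VMSAVE or VMLOAD is
 * neither intercepted nor virtualized, the guest's RAX is used by hardware
 * as a host-physical address, i.e. the guest reads/writes host memory. */
static bool vmsave_vmload_unsafe(const struct vmcb_ctl *c)
{
    const uint32_t both = ICPT_VMLOAD | ICPT_VMSAVE;
    bool intercepted = (c->intercepts & both) == both;
    bool virtualized = (c->virt_ext & VIRT_VMLOAD_VMSAVE) != 0;
    return !intercepted && !virtualized;
}

/* Model assumption for a nested (L2) run: the effective intercepts are the
 * union of L0's and L1's, while the virtualization bit is taken from L0 only,
 * since a guest must not be able to grant itself unintercepted access. */
static struct vmcb_ctl merge_for_l2(const struct vmcb_ctl *l0, const struct vmcb_ctl *l1)
{
    struct vmcb_ctl out = { l0->intercepts | l1->intercepts, l0->virt_ext };
    return out;
}

/* Evaluate the invariant for an L2 run from raw L0/L1 settings. */
static bool l2_run_unsafe(uint32_t l0_icpt, uint32_t l0_virt, uint32_t l1_icpt, uint32_t l1_virt)
{
    struct vmcb_ctl l0 = { l0_icpt, l0_virt }, l1 = { l1_icpt, l1_virt };
    struct vmcb_ctl l2 = merge_for_l2(&l0, &l1);
    return vmsave_vmload_unsafe(&l2);
}

int main(void)
{
    /* L0 intercepts only VMSAVE; L1 intercepts VMLOAD: union covers both. */
    printf("L0+L1 union: %s\n", l2_run_unsafe(ICPT_VMSAVE, 0, ICPT_VMLOAD, 0) ? "UNSAFE" : "ok");
    /* Only L1 claims virtualization and nothing is intercepted: would WARN. */
    printf("L1 virt only: %s\n", l2_run_unsafe(0, 0, 0, VIRT_VMLOAD_VMSAVE) ? "UNSAFE" : "ok");
    return 0;
}
```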