| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aYYq9u7bZWsmJNMr@google.com> Date: Fri, 6 Feb 2026 09:55:02 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Naveen N Rao <naveen@...nel.org> Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, Jim Mattson <jmattson@...gle.com>, "Maciej S . Szmigiero" <maciej.szmigiero@...cle.com> Subject: Re: [PATCH 2/2] KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated On Fri, Feb 06, 2026, Naveen N Rao wrote: > On Tue, Feb 03, 2026 at 11:07:10AM -0800, Sean Christopherson wrote: > > Explicitly set/clear CR8 write interception when AVIC is (de)activated to > > fix a bug where KVM leaves the interception enabled after AVIC is > > activated. E.g. if KVM emulates INIT=>WFS while AVIC is deactivated, CR8 > > will remain intercepted in perpetuity. > > Looking at svm_update_cr8_intercept(), I suppose this could also more > commonly happen whenever AVIC is inhibited (IRQ Windows, as an example)? Maybe? I don't think it's actually common in practice. Because the bug requires the source of the inhibition to be removed while the vCPU still has a pending IRQ that is below PPR. Which is definitely possible, but that seems overall unlikely, and it'd also be self-healing to some extent. E.g. if a workload is triggering ExtINT, then odds are good it's going to _keep_ generating ExtINT, keep toggling the inhibit, and thus reconcile CR8 interception every time AVIC is inhibited.
Powered by blists - more mailing lists