Message-ID: <aYVGJJuRdYTzO20p@google.com>
Date: Thu, 5 Feb 2026 17:38:44 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Yosry Ahmed <yosry.ahmed@...ux.dev>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 00/26] Nested SVM fixes, cleanups, and hardening

On Thu, Jan 15, 2026, Yosry Ahmed wrote:
> Yosry Ahmed (26):
>   KVM: SVM: Switch svm_copy_lbrs() to a macro
>   KVM: SVM: Add missing save/restore handling of LBR MSRs
>   KVM: selftests: Add a test for LBR save/restore (ft. nested)
>   KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
>   KVM: nSVM: Triple fault if mapping VMCB12 fails on nested #VMEXIT
>   KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT
>   KVM: nSVM: Drop nested_vmcb_check_{save/control}() wrappers
>   KVM: nSVM: Call enter_guest_mode() before switching to VMCB02
>   KVM: nSVM: Make nested_svm_merge_msrpm() return an errno
>   KVM: nSVM: Call nested_svm_merge_msrpm() from enter_svm_guest_mode()
>   KVM: nSVM: Call nested_svm_init_mmu_context() before switching to
>     VMCB02
>   KVM: nSVM: Refactor minimal #VMEXIT handling out of
>     nested_svm_vmexit()
>   KVM: nSVM: Unify handling of VMRUN failures with proper cleanup
>   KVM: nSVM: Clear EVENTINJ field in VMCB12 on nested #VMEXIT
>   KVM: nSVM: Drop the non-architectural consistency check for NP_ENABLE
>   KVM: nSVM: Add missing consistency check for nCR3 validity
>   KVM: nSVM: Add missing consistency check for hCR0.PG and NP_ENABLE
>   KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
>   KVM: nSVM: Add missing consistency check for event_inj
>   KVM: SVM: Rename vmcb->nested_ctl to vmcb->misc_ctl
>   KVM: SVM: Rename vmcb->virt_ext to vmcb->misc_ctl2
>   KVM: SVM: Use BIT() and GENMASK() for definitions in svm.h
>   KVM: nSVM: Cache all used fields from VMCB12
>   KVM: nSVM: Restrict mapping VMCB12 on nested VMRUN
>   KVM: nSVM: Sanitize control fields copied from VMCB12
>   KVM: nSVM: Only copy NP_ENABLE from VMCB01's misc_ctl

All in all, looks good.  A few comments, but I don't anticipate a big jump in
the patch count :-)

Note, make sure to rebase on the latest kvm-x86 next, there are a handful of
minor conflicts.
