Message-ID: <20260207041011.913471-9-seanjc@google.com>
Date: Fri,  6 Feb 2026 20:10:10 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: VMX changes for 6.20

The bulk of the changes are to disallow access to vmcs12 fields that aren't
fully supported, so that we don't have to carry a bunch of isolated checks
for shadowed fields.  But for me, the highlight is to finally print out the
offending offsets+values on VMCS config mismatches.

The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:

  Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.20

for you to fetch changes up to c0d6b8bbbced660e9c2efe079e2b2cb34b27d97f:

  KVM: VMX: Print out "bad" offsets+value on VMCS config mismatch (2026-01-30 13:27:46 -0800)

----------------------------------------------------------------
KVM VMX changes for 6.20

 - Fix an SGX bug where KVM would incorrectly try to handle EPCM #PFs by always
   reflecting EPCM #PFs back into the guest.  KVM doesn't shadow EPCM entries,
   and so EPCM violations cannot be due to KVM interference, and can't be
   resolved by KVM.

 - Fix a bug where KVM would register its posted interrupt wakeup handler even
   if loading kvm-intel.ko ultimately failed.

 - Disallow access to vmcb12 fields that aren't fully supported, mostly to
   avoid weirdness and complexity for FRED and other features, where KVM wants
   to enable VMCS shadowing for fields that conditionally exist.

 - Print out the "bad" offsets and values if kvm-intel.ko refuses to load (or
   refuses to online a CPU) due to a VMCS config mismatch.

----------------------------------------------------------------
Hou Wenlong (1):
      KVM: VMX: Don't register posted interrupt wakeup handler if alloc_kvm_area() fails

Sean Christopherson (6):
      KVM: VMX: Always reflect SGX EPCM #PFs back into the guest
      KVM: nVMX: Setup VMX MSRs on loading CPU during nested_vmx_hardware_setup()
      KVM: VMX: Add a wrapper around ROL16() to get a vmcs12 from a field encoding
      KVM: nVMX: Disallow access to vmcs12 fields that aren't supported by "hardware"
      KVM: nVMX: Remove explicit filtering of GUEST_INTR_STATUS from shadow VMCS fields
      KVM: VMX: Print out "bad" offsets+value on VMCS config mismatch

 arch/x86/kvm/vmx/hyperv_evmcs.c |  2 +-
 arch/x86/kvm/vmx/hyperv_evmcs.h |  2 +-
 arch/x86/kvm/vmx/nested.c       | 31 ++++++++-------
 arch/x86/kvm/vmx/vmcs.h         |  9 +++++
 arch/x86/kvm/vmx/vmcs12.c       | 74 +++++++++++++++++++++++++++++++++--
 arch/x86/kvm/vmx/vmcs12.h       |  8 ++--
 arch/x86/kvm/vmx/vmx.c          | 86 ++++++++++++++++++++++++++++++++---------
 7 files changed, 171 insertions(+), 41 deletions(-)
