lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aYpPay9AuD3KkYfr@google.com>
Date: Mon, 9 Feb 2026 13:19:39 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: Misc changes for 6.20

On Mon, Feb 09, 2026, Paolo Bonzini wrote:
> On Sat, Feb 7, 2026 at 5:10 AM Sean Christopherson <seanjc@...gle.com> wrote:
> >  - Add WARNs to guard against modifying KVM's CPU caps outside of the intended
> >    setup flow, as nested VMX in particular is sensitive to unexpected changes
> >    in KVM's golden configuration.
> 
> Possible follow-up: does it make sense to sync kvm_caps.supported_xss
> by calling kvm_setup_xss_caps() from kvm_finalize_cpu_caps()?

Ha!  I did that in v1[*], but Xiaoyao didn't like that it hid the XSS setup, which
very technically aren't part of kvm_cpu_caps.  For the current code base, the pros
and cons of each approach seem to largely cancel each other out, so I think my vote
is to keep things as-is for now, and revisit things if/when we end up with more
common code that needs to run right before kvm_finalize_cpu_caps().

[*] https://lore.kernel.org/all/20260123221542.2498217-2-seanjc@google.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ