lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260211162842.454151-1-yosry.ahmed@linux.dev>
Date: Wed, 11 Feb 2026 16:28:37 +0000
From: Yosry Ahmed <yosry.ahmed@...ux.dev>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
	kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Yosry Ahmed <yosry.ahmed@...ux.dev>
Subject: [PATCH v2 0/5] KVM: nSVM: Fix save/restore of NextRIP & interrupt shadow

NextRIP and interrupt shadow are both not sync'd correctly to the cached
vmcb12 after VMRUN of L2. Sync the cached vmcb12 is the payload of
nested state, these fields are not saved/restored correctly.

Sync both fields correctly, and extend state_test to check vGIF (already
sync'd field) and next_rip. Checking the interrupt shadow would be
tricky, as GUEST_SYNC() executes several instructions before exiting to
L0, so the interrupt shadow will be consumed before the test can check
for it. L2 could execute STI followed directly by in/out, but that would
not handle transitioning between L2 and L2 correctly (see
ucall_arch_do_ucall()).

I updated patch 1 to be a minimal fix without moving code around, but I
kept the code movement in patch 3 as it leaves the code in better shape
until a more significant rework/cleanup is done. It also leaves the
FIXME in a more appropriate spot. If you feel strongly, feel free to
drop patch 3, but I'd rather we keep it.

v1 -> v2:
- Split patch 1 into a minimal fix without code movement for stable, and
  code movement patch (patch 3) [Sean].
- Comments and changelog updates [Sean].

v1: https://lore.kernel.org/kvm/20260210005449.3125133-1-yosry.ahmed@linux.dev/

Yosry Ahmed (5):
  KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
  KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
  KVM: nSVM: Move sync'ing to vmcb12 cache after completing interrupts
  KVM: selftests: Extend state_test to check vGIF
  KVM: selftests: Extend state_test to check next_rip

 arch/x86/kvm/svm/nested.c                    | 11 ++++--
 arch/x86/kvm/svm/svm.c                       | 26 +++++++++------
 tools/testing/selftests/kvm/x86/state_test.c | 35 ++++++++++++++++++++
 3 files changed, 59 insertions(+), 13 deletions(-)


base-commit: e944fe2c09f405a2e2d147145c9b470084bc4c9a
-- 
2.53.0.239.g8d8fc8a987-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ