
Re: [Xen-devel] [PATCH 9/9] x86/vmx: Don't leak EFER.NXE into guest context



>>> On 24.05.18 at 18:48, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 24/05/18 17:01, Roger Pau Monné wrote:
>> On Tue, May 22, 2018 at 12:20:46PM +0100, Andrew Cooper wrote:
>>> --- a/xen/include/asm-x86/hvm/vmx/vmcs.h
>>> +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
>>> @@ -306,6 +306,8 @@ extern u64 vmx_ept_vpid_cap;
>>>      (vmx_cpu_based_exec_control & CPU_BASED_MONITOR_TRAP_FLAG)
>>>  #define cpu_has_vmx_pat \
>>>      (vmx_vmentry_control & VM_ENTRY_LOAD_GUEST_PAT)
>>> +#define cpu_has_vmx_efer \
>>> +    (vmx_vmentry_control & VM_ENTRY_LOAD_GUEST_EFER)
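Review bot: cpu_has_vmx_efer, as defined in the two added lines, tests only VM_ENTRY_LOAD_GUEST_EFER in vmx_vmentry_control, so code gated on this macro gets no guarantee about the exit-side EFER controls. Either include the corresponding vmx_vmexit_control bits in the predicate, or add a comment next to the define stating that the entry and exit EFER controls are assumed to be available together and naming where that assumption is enforced.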
>> Don't you also need a vmx_vmexit_control & VM_EXIT_SAVE_GUEST_EFER and
>> vmx_vmexit_control & VM_EXIT_LOAD_HOST_EFER?
>>
>> Or can the presence of those two be inferred from
>> VM_ENTRY_LOAD_GUEST_EFER?
> 
> They were introduced at the same time into hardware, so these settings
> will be the same in practice.

I see other similar groups of features also aren't checked for consistency,
but wouldn't it be better to have such checks in vmx_init_vmcs_config()
(i.e. disable all three if at least one of them is unavailable)?

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

