2016-08-01 23:01 GMT+08:00 Paolo Bonzini :
>
>
> On 31/07/2016 04:32, Wanpeng Li wrote:
>> 2016-07-14 16:09 GMT+08:00 Paolo Bonzini :
>> [...]
>>>
>>> This is not necessary because this is how KVM computes
>>> CPUID[EAX=7,EBX=0].ECX:
>>>
>>> unsigned f_umip = kvm_x86_ops->umip_emulated() ?
On 31/07/2016 04:32, Wanpeng Li wrote:
> 2016-07-14 16:09 GMT+08:00 Paolo Bonzini :
> [...]
>>
>> This is not necessary because this is how KVM computes
>> CPUID[EAX=7,EBX=0].ECX:
>>
>> unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
>> ...
>> const u32 kvm_c
2016-07-14 16:09 GMT+08:00 Paolo Bonzini :
[...]
>
> This is not necessary because this is how KVM computes
> CPUID[EAX=7,EBX=0].ECX:
>
> unsigned f_umip = kvm_x86_ops->umip_emulated() ? F(UMIP) : 0;
> ...
> const u32 kvm_cpuid_7_0_ecx_x86_features = F(PKU) | F(UMIP);
>
On 14/07/2016 14:36, Radim Krčmář wrote:
>>> And we could then return true in vmx_umip_emulated() when
>>> boot_cpu_has(X86_FEATURE_UMIP).
>>> (Just for self-documentation, because occurrence of X86_FEATURE_UMIP is
>>> most likely a subset of SECONDARY_EXEC_DESC.)
>>
>> This is not necessary bec
2016-07-14 10:09+0200, Paolo Bonzini:
> On 13/07/2016 22:30, Radim Krčmář wrote:
>> 2016-07-12 21:20+0200, Paolo Bonzini:
>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>> @@ -3967,6 +3968,14 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu,
>>> unsigned long cr4)
>>> (to_vmx
On 13/07/2016 22:30, Radim Krčmář wrote:
> 2016-07-12 21:20+0200, Paolo Bonzini:
>> UMIP (User-Mode Instruction Prevention) is a feature of future
>> Intel processors (Cannonlake?) that blocks SLDT, SGDT, STR, SIDT
>> and SMSW from user-mode processes.
>>
>> On Intel systems it's *almost* possibl
2016-07-12 21:20+0200, Paolo Bonzini:
> UMIP (User-Mode Instruction Prevention) is a feature of future
> Intel processors (Cannonlake?) that blocks SLDT, SGDT, STR, SIDT
> and SMSW from user-mode processes.
>
> On Intel systems it's *almost* possible to emulate it; it slows
> down the instructions
On 13/07/2016 12:02, Yang Zhang wrote:
> On 2016/7/13 17:35, Paolo Bonzini wrote:
>>
>>
>> On 13/07/2016 11:21, Yang Zhang wrote:
+static int handle_desc(struct kvm_vcpu *vcpu)
+{
+WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
>>>
>>> I think WARN_ON is too heavy since a mali
On 2016/7/13 17:35, Paolo Bonzini wrote:
On 13/07/2016 11:21, Yang Zhang wrote:
+static int handle_desc(struct kvm_vcpu *vcpu)
+{
+WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
I think WARN_ON is too heavy since a malicious guest may trigger it always.
I missed this---how so? Setting th
On 2016/7/13 17:35, Paolo Bonzini wrote:
On 13/07/2016 11:21, Yang Zhang wrote:
+if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) {
+vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
+ SECONDARY_EXEC_DESC);
+hw_cr4 &= ~X86_CR4_UMIP;
+} else
+
On 13/07/2016 11:21, Yang Zhang wrote:
>>
>> +if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) {
>> +vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL,
>> + SECONDARY_EXEC_DESC);
>> +hw_cr4 &= ~X86_CR4_UMIP;
>> +} else
>> +vmcs_clear_bits(SECONDA
On 13/07/2016 11:21, Yang Zhang wrote:
>>
>> +static int handle_desc(struct kvm_vcpu *vcpu)
>> +{
>> +WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
>
> I think WARN_ON is too heavy since a malicious guest may trigger it always.
I missed this---how so? Setting the bit is under "if ((cr4 &
X86_
On 2016/7/13 3:20, Paolo Bonzini wrote:
UMIP (User-Mode Instruction Prevention) is a feature of future
Intel processors (Cannonlake?) that blocks SLDT, SGDT, STR, SIDT
and SMSW from user-mode processes.
On Intel systems it's *almost* possible to emulate it; it slows
down the instructions when th
UMIP (User-Mode Instruction Prevention) is a feature of future
Intel processors (Cannonlake?) that blocks SLDT, SGDT, STR, SIDT
and SMSW from user-mode processes.
On Intel systems it's *almost* possible to emulate it; it slows
down the instructions when they're executed in ring 0, but they
are rea