>>> On 23.07.18 at 16:11, <[email protected]> wrote:
> On Mon, Jul 23, 2018 at 02:49:50PM +0100, Andrew Cooper wrote:
>> It turns out that nothing ever prevented HVM guests from trying to set unknown
>> EFER bits. Generally, this results in a vmentry failure.
>>
>> For Intel hardware, all implemented bits are covered by the checks.
>>
>> For AMD hardware, the only EFER bit which isn't covered by the checks is TCE
>> (which AFAICT is specific to AMD Fam15/16 hardware). We never advertise TCE
>> in CPUID, but it isn't a security problem to have TCE unexpectedly enabled in
>> guest context.
>>
>> Disallow the setting of bits outside of the EFER_KNOWN_MASK, which prevents
>> any vmentry failures for guests, yielding #GP instead.
>>
>> Signed-off-by: Andrew Cooper <[email protected]>
>
> Reviewed-by: Roger Pau Monné <[email protected]>

Acked-by: Jan Beulich <[email protected]>
