Re: [PATCH 0/4] x86: Drop cross-vendor support
- To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
- Date: Fri, 23 Jan 2026 12:39:49 +0100
- Cc: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Community Manager <community.manager@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
- Delivery-date: Fri, 23 Jan 2026 11:39:59 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu Jan 22, 2026 at 7:19 PM CET, Andrew Cooper wrote:
> On 22/01/2026 5:42 pm, Alejandro Vallejo wrote:
>> On Thu Jan 22, 2026 at 6:10 PM CET, Andrew Cooper wrote:
>>> On 22/01/2026 4:49 pm, Alejandro Vallejo wrote:
>>>> Open question unrelated to the series: Does it make sense to
>>>> conditionalise the MSR handlers for non-intercepted MSRs on HVM_FEP?
>>> I'm not quite sure what you're asking here.
>>>
>>> ~Andrew
>> The handlers for LSTAR and the like are dead code with !CONFIG_HVM_FEP as far
>> as I can tell. The question I'm asking is whether there is another code path
>> that might invoke MSR handlers for non-intercepted MSRs. I can't see it, but
>> I'm not sure.
>>
>> If there isn't I'm considering (conditionally) getting rid of them.
>
> Introspection can (and HVMI does) hook them. Changes to LSTAR during
> runtime are usually an exploit in progress.
>
> Nested virt also makes it far more complicated to reason about
> "intercepted or not", given that there are multiple opinions merged
> together.
>
> ~Andrew

nSVM definitely would trigger those, ta.

Conditionally removing nSVM is in our roadmap, and VMI is already gated on
ALTP2M. I'll put this on the pile somewhere.

Cheers,
Alejandro