From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH] KVM: x86: never trap MSR_KERNEL_GS_BASE
Date: Mon, 24 Sep 2018 09:04:57 -0700
Message-ID: <1537805097.8731.2.camel@intel.com>
In-Reply-To: <1537803519-17941-1-git-send-email-pbonzini@redhat.com>

On Mon, 2018-09-24 at 17:38 +0200, Paolo Bonzini wrote:
> KVM has an old optimization whereby accesses to the kernel GS base MSR
> are trapped when the guest is in 32-bit and not when it is in 64-bit mode.
> The idea is that swapgs is not available in 32-bit mode and thus the
> guest has no reason to access the MSR unless in 64-bit mode. Therefore
> 32-bit applications need not pay the price of switching the kernel GS
> base between the host and the guest values, 64-bit applications.
>
> However, this optimization adds complexity to the code for little
> benefit (these days most guests are going to be 64-bit anyway) and in fact
> broke after commit 678e315e78a7 ("KVM: vmx: add dedicated utility to
> access guest's kernel_gs_base", 2018-08-06); the guest kernel GS base
> can be corrupted across SMIs and UEFI Secure Boot is therefore broken
> (a secure boot Linux guest, for example, fails to reach the login prompt
> about half the time). This patch just removes the optimization; the
> kernel GS base MSR is now never trapped by KVM, similarly to the FS and
> GS base MSRs.
>
> Fixes: 678e315e78a780dbef384b92339c8414309dbc11
> Cc: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>