From: Paolo Bonzini
To: Radim Krčmář
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, guangrong.xiao@linux.intel.com, bdas@redhat.com
Subject: Re: [PATCH v2 00/13] SMM implementation for KVM
Date: Fri, 29 May 2015 21:34:00 +0200
Message-ID: <5568BF28.3040806@redhat.com>
In-Reply-To: <20150529190305.GB7856@potion.brq.redhat.com>
References: <1432746314-50196-1-git-send-email-pbonzini@redhat.com> <20150529190305.GB7856@potion.brq.redhat.com>
List-Id: kvm.vger.kernel.org

On 29/05/2015 21:03, Radim Krčmář wrote:
> I found a corner case that doesn't fit any specific patch:
>
> We allow INIT while in SMM. This brings some security complications as
> we also don't reset hflags (another long standing bug?), but we don't
> really need to because INIT in SMM is against the spec anyway;
> APM May 2013 2:10.3.3 Exceptions and Interrupts,
> • INIT—The processor does not recognize INIT while in SMM.
>
> SDM April 2015: 34.5.1 Initial SMM Execution Environment,
> Maskable hardware interrupts, exceptions, NMI interrupts, SMI
> interrupts, A20M interrupts, single-step traps, breakpoint traps, and
> INIT operations are inhibited when the processor enters SMM.
>
> And there is no mention of an exception for INIT.
> (Some extra old experiments say that INIT could be enabled, but that is
> not applicable now, http://www.rcollins.org/ddj/Mar97/Mar97.html)
>
> I think that INIT received before RSM should be delivered after.

Yes. I'll look at it next week and post a 14th patch.

Paolo
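The behaviour the two posters agree on (INIT is inhibited while the vCPU is in SMM and an INIT that arrived in the meantime is acted upon once RSM leaves SMM, with the reset clearing hflags) can be shown as a small state model. The code below is an added illustration written for this page, not KVM's own code from the patch series: `struct vcpu`, `vcpu_enter_smm`, `vcpu_request_init`, `vcpu_rsm` and `vcpu_deliver_pending` are hypothetical names, and the `HF_SMM_MASK` value is an arbitrary bit chosen for the model rather than the kernel's definition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of the INIT-in-SMM corner case discussed in the thread.
 * Illustrative code only; none of these structures or functions are KVM's.
 * HF_SMM_MASK mirrors the hflags bit name used by the patch series, but the
 * value below is an arbitrary choice for the model.
 */
#define HF_SMM_MASK     (1u << 6)
#define PENDING_INIT    (1u << 0)

struct vcpu {
    uint32_t hflags;      /* HF_SMM_MASK set while the vCPU executes in SMM */
    uint32_t pending;     /* events latched but not yet acted upon */
    unsigned init_count;  /* number of INITs that actually reset the vCPU */
};

static bool vcpu_in_smm(const struct vcpu *v)
{
    return (v->hflags & HF_SMM_MASK) != 0;
}

/* SMI entry: the SMM flag is set and INIT is inhibited from this point on. */
static void vcpu_enter_smm(struct vcpu *v)
{
    v->hflags |= HF_SMM_MASK;
}

/*
 * Act on a pending INIT, honouring the SDM rule that INIT is inhibited while
 * in SMM. Returns true if an INIT was delivered.
 */
static bool vcpu_deliver_pending(struct vcpu *v)
{
    if (vcpu_in_smm(v))
        return false;               /* inhibited: stays latched until RSM */
    if (!(v->pending & PENDING_INIT))
        return false;
    v->pending &= ~PENDING_INIT;
    /* INIT resets the vCPU; in this model that includes clearing hflags,
     * the "hflags not reset" point raised in the thread. */
    v->hflags = 0;
    v->init_count++;
    return true;
}

/* An INIT IPI arrives: latch it and deliver at once only when not in SMM. */
static bool vcpu_request_init(struct vcpu *v)
{
    v->pending |= PENDING_INIT;
    return vcpu_deliver_pending(v);
}

/* RSM leaves SMM; an INIT that arrived in the meantime is delivered now. */
static bool vcpu_rsm(struct vcpu *v)
{
    v->hflags &= ~HF_SMM_MASK;
    return vcpu_deliver_pending(v);
}

int main(void)
{
    struct vcpu v = {0};

    vcpu_enter_smm(&v);
    printf("INIT while in SMM delivered immediately: %s\n",
           vcpu_request_init(&v) ? "yes" : "no");
    printf("RSM delivered the deferred INIT: %s (init_count=%u, in_smm=%d)\n",
           vcpu_rsm(&v) ? "yes" : "no", v.init_count, vcpu_in_smm(&v));
    return 0;
}
```

The model keeps the INIT latched rather than dropped, which is what "delivered after" RSM requires; dropping it would lose the reset, while acting on it inside SMM would be the spec violation Radim points out.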