Mailing List Archive

From:: "Theo de Raadt" <deraadt@openbsd.org>
Subject:: Re: SEV support in vmm breaking Intel VMX guests
To:: Dave Voutila <dv@sisu.io>
Cc:: tech@openbsd.org, Alexandre Ratchov <ratchov@openbsd.org>, Moritz Buhl <mbuhl@openbsd.org>, Hans-Joerg Hoexer <hshoexer@genua.de>
Date:: Wed, 04 Sep 2024 07:59:00 -0600

Download raw body.

Thread

2024-09-04 13:46 Dave Voutila:
SEV support in vmm breaking Intel VMX guests
- 2024-09-04 13:59 Theo de Raadt:
  SEV support in vmm breaking Intel VMX guests
- 2024-09-04 14:10 Dave Voutila:
  SEV support in vmm breaking Intel VMX guests
- - 2024-09-04 14:28 Hans-Jörg Höxer:
    [EXT] Re: SEV support in vmm breaking Intel VMX guests

Dave Voutila <dv@sisu.io> wrote:

> ratchov@ found and bisected the issue and we're incorrectly advertising
> capabilities to Intel guests that most likely do not exist. This value
> shouldn't be hardcoded, regardless. Apparently Linux guests on older
> Intel hardware will start doing naughty things and panic/reboot.

[...]

> @@ -59,6 +59,8 @@ void *l1tf_flush_region;
>  				vcpu_vmx_check_cap(x, IA32_VMX_##y ##_CTLS, \
>  				IA32_VMX_##z, 0) ? "Yes" : "No");
> 
> +#define MIN(a,b)	(((a)<(b))?(a):(b))

If I am not mistaken, this is already provided by sys/param.h

2024-09-04 13:46 Dave Voutila:
SEV support in vmm breaking Intel VMX guests
- 2024-09-04 13:59 Theo de Raadt:
  SEV support in vmm breaking Intel VMX guests
- 2024-09-04 14:10 Dave Voutila:
  SEV support in vmm breaking Intel VMX guests
- - 2024-09-04 14:28 Hans-Jörg Höxer:
    [EXT] Re: SEV support in vmm breaking Intel VMX guests