Date:	Thu, 22 May 2008 18:48:55 -0700
From:	Suresh Siddha <suresh.b.siddha@...el.com>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Suresh Siddha <suresh.b.siddha@...el.com>,
	Mikael Pettersson <mikpe@...uu.se>,
	Andi Kleen <andi@...stfloor.org>, mingo@...e.hu,
	tglx@...utronix.de, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, roland@...hat.com, drepper@...hat.com,
	Hongjiu.lu@...el.com, linux-kernel@...r.kernel.org,
	arjan@...ux.intel.com, rmk+lkml@....linux.org.uk, dan@...ian.org,
	asit.k.mallick@...el.com
Subject: Re: [RFC] x86: xsave/xrstor support, ucontext_t extensions

On Thu, May 22, 2008 at 02:34:45PM -0700, H. Peter Anvin wrote:
> Suresh Siddha wrote:
> >
> >can you please elaborate? even in presence of virtualization, appropriate
> >cpuid bits need to be set/visible for application, for xsave/xrstor to work
> >properly.
> >
> 
> For many paravirtualization solutions, CPUID "leak" from the hypervisor. 
>  The fact that CPUID cannot be disabled (made ring 0 only) is a major 
> flaw in the architecture.
> 
> Therefore, relying on CPUID is too dangerous.

hmm.. so the kernel needs to export all the cpuid info (that the kernel enables
and supports) to the user through some mechanism then?

at least in the xsave case, hypervisor can completely control the
OSXSAVE flag. I am still not convinced whether I need to add prctl()
to indicate the layout. If I have to add, then it should not just
be about whether xsave information is included in _fpstate or not, it should also
be about the whole cpuid information provided by the xsave architecture. Because
the user potentially needs all that information, to make sense out of
the data layout included in the extended state area.

thanks,
suresh
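
Added example, not part of the original message or of the patch under discussion: a reader of a standard-format XSAVE area needs the OSXSAVE flag, XCR0 and the per-component size/offset pairs from CPUID leaf 0xD before it can interpret the extended state. The names `xinfo`, `xsave_find` and `sample_area` are hypothetical, and the CPUID values are passed in as constructed data rather than read from the CPU.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OSXSAVE_BIT   (1u << 27)  /* CPUID.1:ECX.OSXSAVE */
#define XSAVE_HDR_OFF 512         /* 64-byte header follows the legacy region */

/* Hypothetical snapshot of the CPUID data a reader of the area needs. */
struct xcomp { uint32_t size, offset; };  /* CPUID.(EAX=0xD,ECX=i): EAX, EBX */
struct xinfo {
    uint32_t cpuid1_ecx;    /* CPUID.1:ECX */
    uint64_t xcr0;          /* state components the OS enabled */
    struct xcomp comp[8];   /* indexed by component number */
};

enum { X_OK, X_NO_OSXSAVE = -1, X_NOT_ENABLED = -2, X_INIT_STATE = -3, X_TRUNCATED = -4 };

/* Find component i (i >= 2) in a standard-format XSAVE area of len bytes. */
int xsave_find(const struct xinfo *xi, const uint8_t *area, size_t len,
               unsigned i, size_t *off)
{
    uint64_t bv;
    if (!(xi->cpuid1_ecx & OSXSAVE_BIT)) return X_NO_OSXSAVE;
    if (i < 2 || i >= 8 || !((xi->xcr0 >> i) & 1)) return X_NOT_ENABLED;
    if (len < XSAVE_HDR_OFF + 64) return X_TRUNCATED;
    memcpy(&bv, area + XSAVE_HDR_OFF, sizeof bv);   /* XSTATE_BV */
    if (!((bv >> i) & 1)) return X_INIT_STATE;      /* nothing saved for i */
    if ((size_t)xi->comp[i].offset + xi->comp[i].size > len) return X_TRUNCATED;
    *off = xi->comp[i].offset;
    return X_OK;
}

/* Constructed sample: a zeroed area carrying only the given XSTATE_BV. */
void sample_area(uint8_t *buf, size_t len, uint64_t bv)
{
    memset(buf, 0, len);
    memcpy(buf + XSAVE_HDR_OFF, &bv, sizeof bv);
}

int main(void)
{
    /* Constructed values: component 2 (AVX) with size 256 at offset 576. */
    struct xinfo xi = { OSXSAVE_BIT, 0x7, { {0, 0}, {0, 0}, {256, 576} } };
    uint8_t buf[832];
    size_t off = 0;
    sample_area(buf, sizeof buf, 0x7);
    printf("rc=%d offset=%zu\n", xsave_find(&xi, buf, sizeof buf, 2, &off), off);
    return 0;
}
```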