| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Mar 2009 15:47:18 -0700 From: Arjan van de Ven <arjan@...radead.org> To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: "H. Peter Anvin" <hpa@...or.com>, Jan Beulich <jbeulich@...ell.com>, Xen-devel <xen-devel@...ts.xensource.com>, Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>, the arch/x86 maintainers <x86@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [Xen-devel] [PATCH 10/24] xen: mask XSAVE from cpuid On Sun, 15 Mar 2009 14:03:10 -0700 Jeremy Fitzhardinge <jeremy@...p.org> wrote: > H. Peter Anvin wrote: > > Jeremy Fitzhardinge wrote: > > > >> Jan Beulich wrote: > >> > >>> As pointed out on an earlier thread, it seems inappropriate to do > >>> probing like this when there is a cpuid feature flag (osxsave) > >>> that can be used to > >>> determine whether XSAVE can be used. And even without that flag, > >>> simply reading CR4 and checking whether osxsave is set there would > >>> suffice. This is under the assumption that Xen's to-be-done > >>> implementation > >>> of XSAVE support would match that of FXSAVE (Xen turns its > >>> support on unconditionally and for all [pv] guests). > >>> > >> I didn't want to make too many assumptions about how Xen's XSAVE > >> support would look. In particular, I thought it might virtualize > >> the state of OSXSAVE to give the guest the honour of appearing to > >> enable it. A guest kernel may get confused if it starts with > >> OSXSAVE set, as it may use it to control its own init logic. > >> > > > > That wouldn't be an issue if you use the *native* CPUID to look for > > OSXSAVE early on, since such virtualization would only be visible > > though the PV interface, right? > > > > It seems cleaner than probing, to be sure... > > > > Well, at the moment the problem is that cpuid (both PV and native) > show XSAVE, but Xen prevents cr4.OSXSAVE from being set, crashing the > kernel. There's now a patch in Xen to mask XSAVE in CPUID, so that > guests don't try to use it; the patch in the kernel is just to > support non-bleeding-edge versions of Xen. This is indicative of something that might be a huge bug in Xen: Xen should never ever pass through CPUID bits it does not know. If Xen does not honor that, there is a fundamental and eternally recurring problem.... every time something new gets introduced Xen likely breaks. -- Arjan van de Ven Intel Open Source Technology Centre For development, discussion and tips for power savings, visit http://www.lesswatts.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists