Date: Thu, 28 Aug 2014 17:13:18 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Gleb Natapov <gleb@...nel.org>, Raghavendra K T <raghavendra.kt@...ux.vnet.ibm.com>, "Theodore Ts'o" <tytso@....edu>, Kees Cook <keescook@...omium.org>, kvm list <kvm@...r.kernel.org>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Bandan Das <bsd@...hat.com>, Andrew Honig <ahonig@...gle.com>, Haiyang Zhang <haiyangz@...rosoft.com>, X86 ML <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Linux Virtualization <virtualization@...ts.linux-foundation.org>, Daniel Borkmann <dborkman@...hat.com>, Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>, "H. Peter Anvin" <hpa@...or.com>, Alok Kataria <akataria@...are.com>
Subject: Re: GET_RNG_SEED hypercall ABI? (Re: [PATCH v5 0/5] random,x86,kvm: Rework arch RNG seeds and get some from kvm)

On Thu, Aug 28, 2014 at 12:46 PM, Paolo Bonzini <pbonzini@...hat.com> wrote:
> On 28/08/2014 18:22, Andy Lutomirski wrote:
>> Is there a non-cpuid interface between QEMU and KVM for this?
>
> No.

Hmm. Then, assuming that someone manages to allocate a
cross-hypervisor MSR number for this, what am I supposed to do in the
KVM code? Just make it available unconditionally? I don't see why
that wouldn't work reliably, but it seems like an odd design.

>
>> AFAICT, even turning off cpuid bits for things like async pf doesn't
>> actually disable the MSRs (which is arguably an attack surface issue).
>
> No, it doesn't. You cannot disable instructions even if you hide CPUID
> bits, so KVM just extends this to MSRs (both native and paravirtual). It
> sometimes helps too, for example with a particular guest OS that does
> not necessarily check CPUID for bits that are always present on Apple
> hardware...

But I bet that no one assumes that KVM paravirt MSRs are available even
if the feature bit isn't set.

Also, the one and only native feature flag I tested (rdtscp) actually
does work: RDTSCP seems to send #UD if QEMU is passed -cpu
host,-rdtscp.

--Andy