| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jan 2018 18:01:36 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: "Dr. David Alan Gilbert" <dgilbert@...hat.com>,
Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Tom Lendacky <thomas.lendacky@....com>,
Thomas Gleixner <tglx@...utronix.de>, bp@...en8.de,
dwmw@...zon.co.uk, gregkh@...ux-foundation.org, pjt@...gle.com,
mingo@...nel.org, linux-kernel@...r.kernel.org, hpa@...or.com,
tim.c.chen@...ux.intel.com, torvalds@...ux-foundation.org,
peterz@...radead.org, dave.hansen@...el.com,
linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of
MFENCE_RDTSC
On 08/01/2018 17:48, Dr. David Alan Gilbert wrote:
>> If your hypervisor is lying to you about the primary family, then all
>> bets are off. I don't expect there will be any production systems doing
>> this.
> It's not that an unusual thing to do on qemu/kvm - to specify the lowest
> common denominator of the set of CPUs in your data centre (for any one
> vendor); it does tend to get some weird combinations.
Agreed. But on a hypervisor we pretty much know that:
- the MSR_AMD64_DE_CFG doesn't exist unless you have a fix
- setting the MSR_AMD64_DE_CFG bit to 1 if you have a fix can be done
independent of the family
So all KVM needs is a X86_FEATURE_LFENCE_SERIALIZE, it doesn't matter if
it's because of the family or because Linux has set MSR_F10H_DE_CFG.
The guest will either try setting the MSR bit and #GP, or it will find
it already set and do nothing.
Of course no code for this has been written yet.
Paolo
Powered by blists - more mailing lists