| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2018 16:33:47 -0800 (PST)
From: Liran Alon <liran.alon@...cle.com>
To: <pbonzini@...hat.com>
Cc: <jmattson@...gle.com>, <x86@...nel.org>, <dwmw@...zon.co.uk>,
<bp@...en8.de>, <thomas.lendacky@....com>, <aliguori@...zon.com>,
<rkrcmar@...hat.com>, <linux-kernel@...r.kernel.org>,
<kvm@...r.kernel.org>
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
MSR_IA32_PRED_CMD down to the guest
----- pbonzini@...hat.com wrote:
> On 09/01/2018 17:48, Liran Alon wrote:
> >>>
> >>> + if (have_spec_ctrl) {
> >>> + rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> >>> + if (vmx->spec_ctrl != 0)
> >>> + wrmsrl(MSR_IA32_SPEC_CTRL, 0);
> >
> > As I said also on the AMD patch, I think this is a bug.
> > Intel specify that we should set IBRS bit even if it was already set
> on every #VMExit.
>
> That's correct (though I'd like to understand _why_---I'm not
> inclined
> to blindly trust a spec), but for now it's saving a wrmsr of 0. That
> is
> quite obviously okay, and will be also okay after the bare-metal IBRS
> patches.
>
> Of course the code will become something like
>
> if (using_ibrs || vmx->spec_ctrl != 0)
> wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>
> optimizing the case where the host is using retpolines.
>
> Paolo
I agree with all the above.
-Liran
Powered by blists - more mailing lists