| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2018 21:03:27 -0800
From: Nadav Amit <nadav.amit@...il.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Liran Alon <liran.alon@...cle.com>, jmattson@...gle.com,
x86@...nel.org, dwmw@...zon.co.uk, bp@...en8.de,
aliguori@...zon.com, thomas.lendacky@....com, rkrcmar@...hat.com,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
MSR_IA32_PRED_CMD down to the guest
Paolo Bonzini <pbonzini@...hat.com> wrote:
> On 09/01/2018 17:48, Liran Alon wrote:
>>>> + if (have_spec_ctrl) {
>>>> + rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>>>> + if (vmx->spec_ctrl != 0)
>>>> + wrmsrl(MSR_IA32_SPEC_CTRL, 0);
>>
>> As I said also on the AMD patch, I think this is a bug.
>> Intel specify that we should set IBRS bit even if it was already set on every #VMExit.
>
> That's correct (though I'd like to understand _why_---I'm not inclined
> to blindly trust a spec), but for now it's saving a wrmsr of 0. That is
> quite obviously okay, and will be also okay after the bare-metal IBRS
> patches.
>
> Of course the code will become something like
>
> if (using_ibrs || vmx->spec_ctrl != 0)
> wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>
> optimizing the case where the host is using retpolines.
Excuse my ignorance: Can you point me to the specifications that mention “we
should set IBRS bit even if it was already set on every #VMExit” ?
Thanks,
Nadav
Powered by blists - more mailing lists