lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 15 Feb 2018 20:02:15 -0800
From:   Jim Mattson <jmattson@...gle.com>
To:     David Woodhouse <dwmw@...zon.co.uk>
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        kvm list <kvm@...r.kernel.org>,
        KarimAllah Ahmed <karahmed@...zon.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH 8/9] KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On Tue, Feb 6, 2018 at 9:29 AM, David Woodhouse <dwmw@...zon.co.uk> wrote:

> @@ -8828,6 +8890,15 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
>
>         vmx_arm_hv_timer(vcpu);
>
> +       /*
> +        * If this vCPU has touched SPEC_CTRL, restore the guest's value if
> +        * it's non-zero. Since vmentry is serialising on affected CPUs, there
> +        * is no need to worry about the conditional branch over the wrmsr
> +        * being speculatively taken.
> +        */
> +       if (vmx->spec_ctrl)
> +               wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> +

Shouldn't this be wrmsrl_safe? Userspace can make an ioctl to set
vmx->spec_ctrl to non-zero even if the MSR is not supported on the
host.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ