lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALzav=dRU9svdrF-CBKc_zfgz9ziAhJ8bkyPeMZV9T9jxOMdRg@mail.gmail.com>
Date:	Fri, 11 Mar 2016 13:33:53 -0800
From:	David Matlack <dmatlack@...gle.com>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	X86 ML <x86@...nel.org>, kvm list <kvm@...r.kernel.org>,
	Paolo Bonzini <pbonzini@...hat.com>,
	Ingo Molnar <mingo@...hat.com>,
	Andrew Lutomirski <luto@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Eric Northup <digitaleric@...gle.com>
Subject: Re: [PATCH 1/1] KVM: don't allow irq_fpu_usable when the VCPU's XCR0
 is loaded

On Fri, Mar 11, 2016 at 1:14 PM, Andy Lutomirski <luto@...capital.net> wrote:
>
> On Fri, Mar 11, 2016 at 12:47 PM, David Matlack <dmatlack@...gle.com> wrote:
> > From: Eric Northup <digitaleric@...gle.com>
> >
> > Add a percpu boolean, tracking whether a KVM vCPU is running on the
> > host CPU.  KVM will set and clear it as it loads/unloads guest XCR0.
> > (Note that the rest of the guest FPU load/restore is safe, because
> > kvm_load_guest_fpu and kvm_put_guest_fpu call __kernel_fpu_begin()
> > and __kernel_fpu_end(), respectively.)  irq_fpu_usable() will then
> > also check for this percpu boolean.
>
> Is this better than just always keeping the host's XCR0 loaded outside
> if the KVM interrupts-disabled region?

Probably not. AFAICT KVM does not rely on it being loaded outside that
region. xsetbv isn't insanely expensive, is it? Maybe to minimize the
time spent with interrupts disabled it was put outside.

I do like that your solution would be contained to KVM.

>
> --Andy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ