lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 7 Nov 2016 16:38:08 -0200
From:   Eduardo Habkost <ehabkost@...hat.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     David Matlack <dmatlack@...gle.com>, Kyle Huey <me@...ehuey.com>,
        "Robert O'Callahan" <robert@...llahan.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andy Lutomirski <luto@...nel.org>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Jeff Dike <jdike@...toit.com>,
        Richard Weinberger <richard@....at>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Shuah Khan <shuah@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Borislav Petkov <bp@...e.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Len Brown <len.brown@...el.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Dmitry Safonov <dsafonov@...tuozzo.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v8 7/7] KVM: x86: virtualize cpuid faulting

On Fri, Nov 04, 2016 at 10:57:27PM +0100, Paolo Bonzini wrote:
> 
> 
> On 04/11/2016 21:34, David Matlack wrote:
> > On Mon, Oct 31, 2016 at 6:37 PM, Kyle Huey <me@...ehuey.com> wrote:
> >> +       case MSR_PLATFORM_INFO:
> >> +               /* cpuid faulting is supported */
> >> +               msr_info->data = PLATINFO_CPUID_FAULT;
> >> +               break;
> > 
> > This could break save/restore, if for example, a VM is migrated to a
> > version of KVM without MSR_PLATFORM_INFO support. I think the way to
> > handle this is to make MSR_PLATFORM_INFO writeable (but only from
> > userspace) so that hypervisors can defend themselves (by setting this
> > MSR to 0).
> 
> Right---and with my QEMU hat on, this feature will have to be enabled
> manually on the command line because of the way QEMU supports running
> with old kernels. :(  This however does not impact the KVM patch.
> 
> We may decide that, because CPUID faulting doesn't have a CPUID bit and
> is relatively a "fringe" feature, we are okay if the kernel enables this
> unconditionally and then userspace can arrange to block migration (in
> QEMU this would use a subsection).  David, Eduardo, opinions?

Doing this would let guest code intentionally prevent the VM from
being migrated to some hosts. Maybe it would be still acceptable
to do it by default, maybe not. But even if we decide to do this
by default, I would like to have the ability to disable the
feature just in case we find out it was a bad idea.

-- 
Eduardo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ