lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 9 Mar 2017 15:16:03 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     "Li, Liang Z" <liang.z.li@...el.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "guangrong.xiao@...ux.intel.com" <guangrong.xiao@...ux.intel.com>,
        "rkrcmar@...hat.com" <rkrcmar@...hat.com>,
        "Neiger, Gil" <gil.neiger@...el.com>,
        "Lai, Paul C" <paul.c.lai@...el.com>
Subject: Re: [PATCH RFC 0/4] 5-level EPT



On 17/01/2017 03:18, Li, Liang Z wrote:
>> On 29/12/2016 10:25, Liang Li wrote:
>>> x86-64 is currently limited physical address width to 46 bits, which
>>> can support 64 TiB of memory. Some vendors require to support more for
>>> some use case. Intel plans to extend the physical address width to
>>> 52 bits in some of the future products.
>>>
>>> The current EPT implementation only supports 4 level page table, which
>>> can support maximum 48 bits physical address width, so it's needed to
>>> extend the EPT to 5 level to support 52 bits physical address width.
>>>
>>> This patchset has been tested in the SIMICS environment for 5 level
>>> paging guest, which was patched with Kirill's patchset for enabling
>>> 5 level page table, with both the EPT and shadow page support. I just
>>> covered the booting process, the guest can boot successfully.
>>>
>>> Some parts of this patchset can be improved. Any comments on the
>>> design or the patches would be appreciated.
>>
>> I will review the patches.  They seem fairly straightforward.
>>
>> However, I am worried about the design of the 5-level page table feature
>> with respect to migration.
>>
>> Processors that support the new LA57 mode can write 57-canonical/48-
>> noncanonical linear addresses to some registers even when LA57 mode is
>> inactive.  This is true even of unprivileged instructions, in particular
>> WRFSBASE/WRGSBASE.
>>
>> This is fairly bad because, if a guest performs such a write (because of a bug
>> or because of malice), it will not be possible to migrate the virtual machine to
>> a machine that lacks LA57 mode.
>>
>> Ordinarily, hypervisors trap CPUID to hide features that are only present in
>> some processors of a heterogeneous cluster, and the hypervisor also traps
>> for example CR4 writes to prevent enabling features that were masked away.
>> In this case, however, the only way for the hypervisor to prevent the write
>> would be to run the guest with
>> CR4.FSGSBASE=0 and trap all executions of WRFSBASE/WRGSBASE.  This
>> might have negative effects on performance for workloads that use the
>> instructions.
>>
>> Of course, this is a problem even without your patches.  However, I think it
>> should be addressed first.  I am seriously thinking of blacklisting FSGSBASE
>> completely on LA57 machines until the above is fixed in hardware.
>>
>> Paolo
> 
> The issue has already been forwarded to the hardware guys, still waiting for the feedback.

Going to review this now.  Any news?

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ