lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1c312f0d-9de4-1aea-7694-758a8b6103b0@redhat.com>
Date:   Mon, 8 Jan 2018 18:42:36 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Tom Lendacky <thomas.lendacky@....com>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>,
        Andrew Cooper <andrew.cooper3@...rix.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>, bp@...en8.de,
        dwmw@...zon.co.uk, gregkh@...ux-foundation.org, pjt@...gle.com,
        mingo@...nel.org, linux-kernel@...r.kernel.org, hpa@...or.com,
        tim.c.chen@...ux.intel.com, torvalds@...ux-foundation.org,
        peterz@...radead.org, dave.hansen@...el.com,
        linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of
 MFENCE_RDTSC

On 08/01/2018 18:39, Tom Lendacky wrote:
> On 1/8/2018 11:01 AM, Paolo Bonzini wrote:
>> On 08/01/2018 17:48, Dr. David Alan Gilbert wrote:
>>>> If your hypervisor is lying to you about the primary family, then all
>>>> bets are off.  I don't expect there will be any production systems doing
>>>> this.
>>> It's not that an unusual thing to do on qemu/kvm - to specify the lowest
>>> common denominator of the set of CPUs in your data centre (for any one
>>> vendor); it does tend to get some weird combinations.
>>
>> Agreed.  But on a hypervisor we pretty much know that:
>>
>> - the MSR_AMD64_DE_CFG doesn't exist unless you have a fix
> 
> Not sure what you mean by this...  the MSR exists today on many families.

But the hypervisor either should not expose it at all to the guest, or
if it does, it should not allow setting that bit to 1.

Paolo

> Thanks,
> Tom
> 
>>
>> - setting the MSR_AMD64_DE_CFG bit to 1 if you have a fix can be done
>> independent of the family
>>
>> So all KVM needs is a X86_FEATURE_LFENCE_SERIALIZE, it doesn't matter if
>> it's because of the family or because Linux has set MSR_F10H_DE_CFG.
>> The guest will either try setting the MSR bit and #GP, or it will find
>> it already set and do nothing.
>>
>> Of course no code for this has been written yet.
>>
>> Paolo
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ