lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180110135219.GC9417@redhat.com>
Date:   Wed, 10 Jan 2018 14:52:19 +0100
From:   Andrea Arcangeli <aarcange@...hat.com>
To:     "Van De Ven, Arjan" <arjan.van.de.ven@...el.com>
Cc:     David Woodhouse <dwmw2@...radead.org>,
        Jiri Kosina <jikos@...nel.org>,
        "Mallick, Asit K" <asit.k.mallick@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "Hansen, Dave" <dave.hansen@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...uxfoundation.org>,
        "x86@...nel.org" <x86@...nel.org>, Borislav Petkov <bp@...en8.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Andy Lutomirski <luto@...nel.org>
Subject: Re: [patch RFC 5/5] x86/speculation: Add basic speculation control
 code

On Wed, Jan 10, 2018 at 01:45:52PM +0000, Van De Ven, Arjan wrote:
>  
> > Andrea, what you're saying is directly contradicting what I've heard
> > from Intel.
> > 
> > The documentation already distinguishes between IBRS on current
> > hardware, and IBRS_ATT on future hardware. If it was the case that IBRS
> > on current hardware is a set-and-forget option and completely disables
> > branch prediction, then they would say that. Rather than explicitly
> > saying the *opposite*, specifically for the case of current hardware,
> > as they do.
> > 
> > Rather than continuing to debate it, perhaps it's best just to wake for
> > the US to wake up, and Intel to give a definitive answer.
> 
> On current hardware, you cannot just set IBRS always.

ibrs_enabled 1:

sets IBRS at vmexit and at kernel entry.
clears IBRS at kernel exit (return to usermode)
restores whatever IBRS value the guest was using at vmenter

ibrs_enabled 2:

sets IBRS always in host
sets IBRS if it wasn't already set by the guest in vmexit
restores whatever IBRS valeu the guest was using at vmenter

This matches the semantics described here by Tim patchset on lkml:

https://marc.info/?l=linux-kernel&m=151520606320646

If you what you say is correct, then you should discuss with Tim what
"echo 2 > /sys/kernel/debug/x86/ibrs_enabled will turn on IBRS in both
userspace and kernel" is doing or is supposed to achieve.

> (In practice, on some you might get lucky if you try. Intel does not guarantee it. Intel does not test it. The model is to write the msr on privilege change, e.g. ring transition)

ibrs_enabled 1 is the default always with SPEC_CTRL in cpuid.

The question is ibrs_enabled 2 optional mode but what is implemented
matches the semantics of the above patchset in link from Tim so again
you should talk with Tim and adjourn on the status of leaving IBRS
always on with current silicon.

I can tell in practice it works as I described in all microcodes
I tested.

Thanks,
Andrea

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ