| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jan 2018 11:41:09 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Tim Chen <tim.c.chen@...ux.intel.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: jmattson@...gle.com, aliguori@...zon.com, thomas.lendacky@....com,
dwmw@...zon.co.uk, bp@...en8.de, ashok.raj@...el.com
Subject: Re: [PATCH 3/7] kvm: vmx: pass MSR_IA32_SPEC_CTRL and
MSR_IA32_PRED_CMD down to the guest
On 11/01/2018 03:47, Tim Chen wrote:
> On 01/08/2018 10:08 AM, Paolo Bonzini wrote:
>
>> @@ -9597,6 +9620,9 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
>>
>> pt_guest_enter(vmx);
>>
>> + if (have_spec_ctrl && vmx->spec_ctrl != 0)
>> + wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
>> +
>
> Say host uses IBRS (have_spec_ctrl==1), and have IBRS set to 1.
> And say guest's vmx->spec_ctrl is 0 and not using IBRS.
>
> We will be leaving IBRS msr as 1 and won't be
> switching it to 0 before entering guest.
> Guest will be running with incorrect IBRS value.
>
> Seems like the correct logic is
>
> if (host_supports_ibrs)
> /* switch IBRS if host and guest ibrs differs */
> if ((host_uses_ibrs && vmx->spec_ctrl == 0) || /* host IBRS 1, guest IBRS 0 */
> (!host_uses_ibrs && vmx->spec_ctrl == 1)) /* host IBRS 0, guest IBRS 1 */
> wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
> }
>
> Your have_spec_ctrl logic specifies that IBRS is available.
> But that doesn't necessarily mean that we will use IBRS in
> host.
Of course. But these patches are just an initial version for a host
that doesn't support IBRS.
Paolo
Powered by blists - more mailing lists