| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jan 2018 07:23:53 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: Ashok Raj <ashok.raj@...el.com>, linux-kernel@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Greg KH <gregkh@...uxfoundation.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Dave Hansen <dave.hansen@...el.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Andi Kleen <ak@...ux.intel.com>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>,
Peter Zijlstra <peterz@...radead.org>,
Dan Williams <dan.j.williams@...el.com>,
Jun Nakajima <jun.nakajima@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>
Subject: Re: [PATCH 4/5] x86/svm: Direct access to MSR_IA32_SPEC_CTRL
On Thu, 2018-01-11 at 17:32 -0800, Ashok Raj wrote:
>
> @@ -4910,6 +4935,14 @@ static void svm_vcpu_run(struct kvm_vcpu
> *vcpu)
>
> clgi();
>
> + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
> + /*
> + * FIXME: lockdep_assert_irqs_disabled();
> + */
> + WARN_ON_ONCE(!irqs_disabled());
> + spec_ctrl_set(svm->spec_ctrl);
> + }
> +
> local_irq_enable();
>
Same comments here as we've had previously. If you do this without an
'else lfence' then you need a comment showing that you've proved it's
safe.
And I don't think even using static_cpu_has() is good enough. We don't
already "rely" on that for anything but optimisations, AFAICT. Turning
a missed GCC optimisation into a security hole is not a good idea.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5213 bytes)
Powered by blists - more mailing lists