Date: Fri, 12 Jan 2018 09:03:01 -0800
From: Jim Mattson <jmattson@...gle.com>
To: Wanpeng Li <kernellwp@...il.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, LKML <linux-kernel@...r.kernel.org>, kvm <kvm@...r.kernel.org>, Radim Krcmar <rkrcmar@...hat.com>, Liran Alon <liran.alon@...cle.com>, Anthony Liguori <aliguori@...zon.com>, Tom Lendacky <thomas.lendacky@....com>, dwmw@...zon.co.uk, Borislav Petkov <bp@...en8.de>, "the arch/x86 maintainers" <x86@...nel.org>, Tim Chen <tim.c.chen@...ux.intel.com>
Subject: Re: [PATCH 4/8] kvm: vmx: Set IBPB when running a different VCPU

The point behind the IBPB in vmx_vcpu_load is to prevent one VCPU from
steering the speculative execution of the next. If the VMCS address is
recycled, vmx_vcpu_load doesn't realize that the VCPUs are different,
and so it won't issue the IBPB.

On Thu, Jan 11, 2018 at 5:49 PM, Wanpeng Li <kernellwp@...il.com> wrote:
> 2018-01-09 20:03 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>>
>> if (!already_loaded) {
>> @@ -4029,6 +4031,13 @@ static void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
>> free_vmcs(loaded_vmcs->vmcs);
>> loaded_vmcs->vmcs = NULL;
>> WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
>> +
>> + /*
>> + * The VMCS could be recycled, causing a false negative in
>> + * vmx_vcpu_load; block speculative execution.
>> + */
>> + if (have_spec_ctrl)
>> + wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
>> }
>
> Intel guys told us the recycle is about the address of vmcs, not the
> content. Could you explain more why it matters?
>
> Regards,
> Wanpeng Li
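
Review bot: the comment added in free_loaded_vmcs says "block speculative execution", but the wrmsrl of PRED_CMD_IBPB is a branch prediction barrier rather than a stop to speculation, and "false negative in vmx_vcpu_load" does not say which check is fooled. Suggest rewording the comment to state the actual hazard: a VMCS freed here can be reallocated at the same address for another VCPU, vmx_vcpu_load would then not see a different VCPU and would skip its IBPB, so the barrier is issued at free time instead. That would also answer the address-versus-content question raised in the thread without needing a follow-up mail.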