| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALMp9eS4Y7+n+S49eC4n-0LazrmREpUATnELjEn2gRZQPeQirg@mail.gmail.com>
Date: Fri, 12 Jan 2018 09:03:01 -0800
From: Jim Mattson <jmattson@...gle.com>
To: Wanpeng Li <kernellwp@...il.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
LKML <linux-kernel@...r.kernel.org>, kvm <kvm@...r.kernel.org>,
Radim Krcmar <rkrcmar@...hat.com>,
Liran Alon <liran.alon@...cle.com>,
Anthony Liguori <aliguori@...zon.com>,
Tom Lendacky <thomas.lendacky@....com>, dwmw@...zon.co.uk,
Borislav Petkov <bp@...en8.de>,
"the arch/x86 maintainers" <x86@...nel.org>,
Tim Chen <tim.c.chen@...ux.intel.com>
Subject: Re: [PATCH 4/8] kvm: vmx: Set IBPB when running a different VCPU
The point behind the IPBP in vmx_vcpu_load is to prevent one VCPU from
steering the speculative execution of the next. If the VMCS address is
recycled, vmx_vcpu_load doesn't realize that the VCPUs are different,
and so it won't issue the IPBP.
On Thu, Jan 11, 2018 at 5:49 PM, Wanpeng Li <kernellwp@...il.com> wrote:
> 2018-01-09 20:03 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
>>
>> if (!already_loaded) {
>> @@ -4029,6 +4031,13 @@ static void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
>> free_vmcs(loaded_vmcs->vmcs);
>> loaded_vmcs->vmcs = NULL;
>> WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
>> +
>> + /*
>> + * The VMCS could be recycled, causing a false negative in
>> + * vmx_vcpu_load; block speculative execution.
>> + */
>> + if (have_spec_ctrl)
>> + wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
>> }
>
> Intel guys told us the recycle is about the address of vmcs, not the
> content. Could you explain more why it matters?
>
> Regards,
> Wanpeng Li
Powered by blists - more mailing lists