| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Jan 2018 08:27:04 -0800
From: Andy Lutomirski <luto@...nel.org>
To: David Woodhouse <dwmw2@...radead.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Josh Poimboeuf <jpoimboe@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
Dave Hansen <dave.hansen@...el.com>,
Ashok Raj <ashok.raj@...el.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Greg KH <gregkh@...uxfoundation.org>,
Andrea Arcangeli <aarcange@...hat.com>,
Andi Kleen <ak@...ux.intel.com>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>,
Dan Williams <dan.j.williams@...el.com>,
Jun Nakajima <jun.nakajima@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Jason Baron <jbaron@...mai.com>
Subject: Re: [PATCH 34/35] x86/kvm: Add IBPB support
On Fri, Jan 19, 2018 at 8:08 AM, David Woodhouse <dwmw2@...radead.org> wrote:
> On Fri, 2018-01-19 at 16:25 +0100, Paolo Bonzini wrote:
>> Without retpolines, KVM userspace is not protected from the guest
>> poisoning the BTB, because there is no IBRS-barrier on the vmexit
>> path.
>> So there are two more IBPBs that are needed if retpolines are
>> enabled:
>>
>> 1) in kvm_sched_out
>>
>> 2) at the end of vcpu_run
>
> Hm, yes. That does seem reasonable. Can we make it conditional so it
> only happens *if* we end up back in userspace, and not for a VM-
>>kernel->VM transition?
kvm_on_user_return(), perhaps?
Powered by blists - more mailing lists