lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a5bfcabb-827b-fbf7-9395-de9332697c25@suse.com>
Date:   Fri, 15 Jun 2018 07:46:55 +0200
From:   Juergen Gross <jgross@...e.com>
To:     Jiri Kosina <jikos@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...e.de>
Cc:     Mike Latimer <mlatimer@...e.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/pti: don't report XenPV as vulnerable

On 15/06/18 00:32, Jiri Kosina wrote:
> From: Jiri Kosina <jkosina@...e.cz>
> 
> Xen PV domain is not by design affected by meltdown as it's enforcing 
> split CR3 itself. Let's not report such systems as "Vulnerable" in sysfs 
> (we're also already forcing PTI to off in X86_HYPER_XEN_PV cases)
> 
> Reported-and-tested-by: Mike Latimer <mlatimer@...e.com>
> Signed-off-by: Jiri Kosina <jkosina@...e.cz>
> ---
> 
> I originally wanted to just not set X86_BUG_CPU_MELTDOWN in 
> cpu_set_bug_bits() in the first place, but that has two issues:
> 
> - cpu_set_bug_bits() gets invoked from early_identify_cpu() before 
>   init_hypervisor_platform() had a chance to run, and therefore the
>   hypervisor type check doesn't work there
> 
> - it'd actually be inaccurate; the CPU *does* have the bug at the end
>   of the day (so it's properly kept being reported in cpuinfo), it's
>   "just a setup matter" that we don't need any addtional mitigation to
>   be applied by the kernel
> 
> So let's not overcomplicate it.
> 
>  arch/x86/kernel/cpu/bugs.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -26,6 +26,7 @@
>  #include <asm/pgtable.h>
>  #include <asm/set_memory.h>
>  #include <asm/intel-family.h>
> +#include <asm/hypervisor.h>
>  
>  static void __init spectre_v2_select_mitigation(void);
>  static void __init ssb_select_mitigation(void);
> @@ -685,6 +686,9 @@ static ssize_t cpu_show_common(struct de
>  		if (boot_cpu_has(X86_FEATURE_PTI))
>  			return sprintf(buf, "Mitigation: PTI\n");
>  
> +		if (hypervisor_is_type(X86_HYPER_XEN_PV))
> +			return sprintf(buf, "Not affected\n");

I don't like this. This is wrong for 32-bit guests and maybe wrong for
64-bit, too, in case the mitigation is disabled at hypervisor level.

So the test should be done only for CONFIG_X86_64 and the returned
string should be e.g. "Mitigation: XEN".


Juergen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ