lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 4 Jul 2018 20:39:50 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Paolo Bonzini <pbonzini@...hat.com>
cc:     Jingqi Liu <jingqi.liu@...el.com>, rkrcmar@...hat.com,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        wei.w.wang@...el.com, Robert Hoo <robert.hu@...ux.intel.com>
Subject: Re: [PATCH v2] KVM: Expose the split lock detection feature to guest
 VM

On Wed, 4 Jul 2018, Paolo Bonzini wrote:
> On 04/07/2018 16:51, Thomas Gleixner wrote:
> > There is no rush for this to be in KVM/QEMU now because all what exists for
> > this new split lock thing is 'silicon' running on an emulator. And w/o
> > support in the kernel proper this is completely useless.
> 
> That's good.  I assumed it was IceLake, in which case the feature would
> block the definition of a standard IceLake CPU model in QEMU.
> 
> > So this needs the following things:
> > 
> >   1) Proper enumeration via CPUID or MISC_FEATURES. The current detection
> >      hack is just broken.
> 
> Yes please.
> 
> >   2) A proper host side implementation, which then automatically makes the
> >      stuff usable in a guest once it is exposed.
> 
> If the CPUID bit or MISC_FEATURES is added, you don't even need the host
> side for the guests to use it.  It's only needed now because of the ugly
> MSR-based detection.
> 
> >   3) A proper way how to expose MSR_TEST_CTL to the guest, but surely not
> >      with extra split_lock_ctrl voodoo. It's an MSR nothing else. KVM/QEMU
> >      have standartized ways to deal with MSRs and the required selective
> >      bitwise access control.
> 
> That part is pretty much standard, I'm not worried about it.  We have
> one variable in struct kvm_vcpu_arch for each MSR (or set of MSRs) that
> we expose, so that's the split_lock_ctrl voodoo. :)
> 
> Once the detection is sorted out, KVM is easy.

That's what I thought and even if it was IceLeak then they still can flip a
CPUID/MISC FEATURE bit in their binary BIOS blob or ucode. We really need
to push back hard on these half baken features which need voodoo
programming to detect.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ