lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7c274466-6d93-d1ba-8721-4d69f847b40f@redhat.com>
Date:   Tue, 31 Jul 2018 09:39:18 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Matthew Whitehead <tedheadster@...il.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86: kvm: Restrict X86_FEATURE_VMMCALL to x86_64 platform

On 30/07/2018 21:40, Matthew Whitehead wrote:
> early_init_amd() is called on all AMD processors, both 64 and 32 bit.
> Presently 32 bit processors get the X86_FEATURE_VMMCALL feature set, which
> they do not support. Add conditionals to restrict it to 64 bit processors.

This shouldn't be necessary; for systems that don't have virtualization
extensions, the comment explains why setting X86_FEATURE_VMMCALL is safe.

But it is also wrong, because you can run a 32-bit kernel as a guest on
a 64-bit processor, and then it should set X86_FEATURE_VMMCALL because
the processor has the vmmcall instruction and not Intel's vmcall.

Thanks,

Paolo

> Cc: Paolo Bonzini <pbonzini@...hat.com>
> Signed-off-by: Matthew Whitehead <tedheadster@...il.com>
> ---
>  arch/x86/kernel/cpu/amd.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 38915fbfae73..df06919324cd 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -662,12 +662,14 @@ static void early_init_amd(struct cpuinfo_x86 *c)
>  	}
>  #endif
>  
> +#ifdef CONFIG_X86_64
>  	/*
>  	 * This is only needed to tell the kernel whether to use VMCALL
>  	 * and VMMCALL.  VMMCALL is never executed except under virt, so
>  	 * we can set it unconditionally.
>  	 */
>  	set_cpu_cap(c, X86_FEATURE_VMMCALL);
> +#endif
>  
>  	/* F16h erratum 793, CVE-2013-6885 */
>  	if (c->x86 == 0x16 && c->x86_model <= 0xf)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ