| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Dec 2018 14:48:37 -0200
From: Eduardo Habkost <ehabkost@...hat.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
kvm@...r.kernel.org, Jim Mattson <jmattson@...gle.com>,
x86@...nel.org, linux-kernel@...r.kernel.org,
KarimAllah Ahmed <karahmed@...zon.de>,
David Woodhouse <dwmw2@...radead.org>
Subject: Re: [PATCH] kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
On Wed, Dec 05, 2018 at 05:02:06PM -0500, Konrad Rzeszutek Wilk wrote:
> On Wed, Dec 05, 2018 at 05:19:56PM -0200, Eduardo Habkost wrote:
> > Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
> > to the guest, which makes STIBP available to guests. This was implemented
> > by commits d28b387fb74d ("KVM/VMX: Allow direct access to
> > MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to
> > MSR_IA32_SPEC_CTRL").
> >
> > However, we never updated GET_SUPPORTED_CPUID to let userspace know that
> > STIBP can be enabled in CPUID. Fix that by updating
>
> Ooops!
> > kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features.
>
> Shouldn't there also be a patch in QEMU to use it? (aka, +stibp).
I will submit the QEMU patch soon.
A patch exists on some downstream QEMU distributions, already,
but it was never merged upstream because GET_SUPPORTED_CPUID
never supported STIBP in the upstream kernel. (And because in
the end it was not used for mitigating Spectre)
>
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Thanks!
--
Eduardo
Powered by blists - more mailing lists