lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1906271408380.32342@nanos.tec.linutronix.de>
Date:   Thu, 27 Jun 2019 14:11:43 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Xiaoyao Li <xiaoyao.li@...ux.intel.com>
cc:     Fenghua Yu <fenghua.yu@...el.com>, Ingo Molnar <mingo@...hat.com>,
        Borislav Petkov <bp@...en8.de>, H Peter Anvin <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krcmar <rkrcmar@...hat.com>,
        Christopherson Sean J <sean.j.christopherson@...el.com>,
        Ashok Raj <ashok.raj@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Xiaoyao Li <xiaoyao.li@...el.com>,
        Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>,
        Ravi V Shankar <ravi.v.shankar@...el.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        x86 <x86@...nel.org>, kvm@...r.kernel.org
Subject: Re: [PATCH v9 11/17] kvm/vmx: Emulate MSR TEST_CTL

On Thu, 27 Jun 2019, Xiaoyao Li wrote:
> On 6/27/2019 3:12 PM, Thomas Gleixner wrote:
> > The real interesting question is whether the #AC on split lock prevents the
> > actual bus lock or not. If it does then the above is fine.
> > 
> > If not, then it would be trivial for a malicious guest to set the
> > SPLIT_LOCK_ENABLE bit and "handle" the exception pro forma, return to the
> > offending instruction and trigger another one. It lowers the rate, but that
> > doesn't make it any better.
> > 
> > The SDM is as usual too vague to be useful. Please clarify.
> > 
> This feature is to ensure no bus lock (due to split lock) in hardware, that to
> say, when bit 29 of TEST_CTL is set, there is no bus lock due to split lock
> can be acquired.

So enabling this prevents the bus lock, i.e. the exception is raised before
that happens.

Please add that information to the changelog as well because that's
important to know and makes me much more comfortable handing the #AC back
into the guest when it has it enabled.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ