Date: Thu, 20 Aug 2020 14:05:16 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Jim Mattson <jmattson@...gle.com>
Cc: Andy Lutomirski <luto@...nel.org>,
    Sean Christopherson <sean.j.christopherson@...el.com>,
    Joerg Roedel <joro@...tes.org>,
    Paolo Bonzini <pbonzini@...hat.com>,
    Vitaly Kuznetsov <vkuznets@...hat.com>,
    Wanpeng Li <wanpengli@...cent.com>,
    Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
    X86 ML <x86@...nel.org>,
    "Chang S. Bae" <chang.seok.bae@...el.com>,
    Thomas Gleixner <tglx@...utronix.de>,
    Sasha Levin <sashal@...nel.org>,
    Borislav Petkov <bp@...en8.de>,
    Peter Zijlstra <peterz@...radead.org>,
    Ingo Molnar <mingo@...nel.org>
Subject: Re: FSGSBASE causing panic on 5.9-rc1

On 8/20/20 2:04 PM, Tom Lendacky wrote:
> On 8/20/20 1:41 PM, Tom Lendacky wrote:
>> On 8/20/20 1:39 PM, Jim Mattson wrote:
>>> On Thu, Aug 20, 2020 at 11:38 AM Jim Mattson <jmattson@...gle.com> wrote:
>>>>
>>>> On Thu, Aug 20, 2020 at 11:34 AM Tom Lendacky
>>>> <thomas.lendacky@....com> wrote:
>>>>>
>>>>>
>>>>> Bisecting with unsafe_fsgsbase identified:
>>>>>
>>>>> c82965f9e530 ("x86/entry/64: Handle FSGSBASE enabled paranoid
>>>>> entry/exit")
>>>>>
>>>>> But I'm thinking that could be because it starts using GET_PERCPU_BASE,
>>>>> which on Rome would use RDPID. So is SVM restoring TSC_AUX_MSR too late?
>>>>> That would explain why I don't see the issue on Naples, which doesn't
>>>>> support RDPID.
>>>>
>>>> It looks to me like SVM loads the guest TSC_AUX from vcpu_load to
>>>> vcpu_put, with this comment:
>>>>
>>>> /* This assumes that the kernel never uses MSR_TSC_AUX */
>>>> if (static_cpu_has(X86_FEATURE_RDTSCP))
>>>>         wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
>>>
>>> Correction: It never restores TSC_AUX, AFAICT.
>>
>> It does, it's in the host_save_user_msrs array.
>
> I added a quick hack to save TSC_AUX to a new variable in the SVM struct
> and then restore it right after VMEXIT (just after where GS is restored in
> svm_vcpu_enter_exit()) and my guest is no longer crashing.

Sorry, I mean my host is no longer crashing.

Thanks,
Tom

>
> Thanks,
> Tom
>
>>
>> Thanks,
>> Tom
>>
>>>