lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 16 Sep 2020 18:54:57 +0200
From:   Paolo Bonzini <>
To:     Andy Lutomirski <>
Cc:     Borislav Petkov <>,
        Sean Christopherson <>,
        Thomas Gleixner <>,
        Ingo Molnar <>, X86 ML <>,
        "H. Peter Anvin" <>,
        LKML <>,
        Dave Hansen <>,
        Chang Seok Bae <>,
        Peter Zijlstra <>,
        Sasha Levin <>,
        kvm list <>,
        Tom Lendacky <>
Subject: Re: [PATCH] x86/entry/64: Disallow RDPID in paranoid entry if KVM is

On 22/08/20 18:42, Andy Lutomirski wrote:
> On VMX, when a VM exits, the VM's
> value of MSR_TSC_AUX is live, and we can take an NMI, MCE, or
> abominable new #SX, #VE, #VC, etc on the next instruction boundary.
> And unless we use the atomic MSR switch mechanism, the result is that
> we're going through the entry path with guest-controlled MSRs.

If anything of that is a problem, we can and will use the atomic MSR
switching; it's not worth doing complicated stuff if you're going to pay
the price of rdmsr/wrmsr anyway.

The remaining cases are MSRs that are really meant for usermode (such as
the syscall MSRs) and especially the edge cases of these two MSRs that
the kernel doesn't mind too much about.  But they are really really
rare, I don't expect any new one coming soon and if they are ever needed
(by SGX perhaps?!?) I'll certainly loop you guys in.


Powered by blists - more mailing lists