| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Nov 2020 10:10:03 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: "Luck, Tony" <tony.luck@...el.com>,
Jim Mattson <jmattson@...gle.com>
Cc: Qian Cai <cai@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-tip-commits@...r.kernel.org"
<linux-tip-commits@...r.kernel.org>, Boris Petkov <bp@...en8.de>,
Borislav Petkov <bp@...e.de>, x86 <x86@...nel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [tip: ras/core] x86/mce: Enable additional error logging on
certain Intel CPUs
> Maybe no contract ... but a bunch of places (many of them in Intel
> specific code) that check for it
Interestingly, quite a few of them are actually checking for HYPERVISOR
not because of missing hypervisor features, but rather because
hypervisors don't have to work around certain errata. :)
Full analysis after my sig, but tl;dr: the only case of using HYPERVISOR
before using MSRs are in arch/x86/events/intel/cstate.c and
arch/x86/events/intel/uncore.c. There are some workarounds in
drivers/gpu that might fall into a similar bucket. But as far as MSRs
go, the way to go overwhelmingly seems to be {rd,wr}msrl_safe.
Thanks,
Paolo
On 10/11/20 00:36, Luck, Tony wrote:
> arch/x86/events/core.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
Print a slightly less frightening warning.
> arch/x86/events/intel/core.c: if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
Working around KVM's ignore_msrs=1 option (and quite ugly; shows that
the option shouldn't be enabled by default).
> arch/x86/events/intel/core.c: int assume = 3 * !boot_cpu_has(X86_FEATURE_HYPERVISOR);
Seems unnecessary.
> arch/x86/events/intel/cstate.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/events/intel/uncore.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Too complicated. :)
> arch/x86/kernel/apic/apic.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Hypervisors don't have errata.
> arch/x86/kernel/cpu/bugs.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/kernel/cpu/bugs.c: else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/kernel/cpu/bugs.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
> arch/x86/kernel/cpu/bugs.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
> arch/x86/kernel/cpu/intel.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Print different vulnerability status in sysfs.
> arch/x86/kernel/cpu/mshyperv.c: if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/kernel/cpu/vmware.c: * If !boot_cpu_has(X86_FEATURE_HYPERVISOR), vmware_hypercall_mode
> arch/x86/kernel/cpu/vmware.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
> arch/x86/kernel/jailhouse.c: !boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/kernel/kvm.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
> arch/x86/kernel/paravirt.c: if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
Obviously needed before using paravirt features of the hypervisor.
> arch/x86/kernel/tsc.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR) ||
Disables ART in VMs. Probably the idea is that ART does not have an
offset field similar to the TSC's, but it's not necessary. Looking at
the hypervisor-provided CPUID should be enough.
> arch/x86/mm/init_64.c: if (!boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
Tweaks hotplug heuristics, no MSRs involved.
> drivers/acpi/processor_idle.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
Avoids pointless hypervisor exit on idle (i.e. just an optimization).
> drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h: return boot_cpu_has(X86_FEATURE_HYPERVISOR);
Work around SR-IOV bugs.
> drivers/gpu/drm/i915/i915_memcpy.c: !boot_cpu_has(X86_FEATURE_HYPERVISOR))
Work around KVM deficiency.
> drivers/gpu/drm/radeon/radeon_device.c: return boot_cpu_has(X86_FEATURE_HYPERVISOR);
Work around SR-IOV bugs.
> drivers/visorbus/visorchipset.c: if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
Needed before using paravirt features of the hypervisor.
Powered by blists - more mailing lists