Date:   Fri, 30 Apr 2021 14:03:07 -0700
From:   Reiji Watanabe <reijiw@...gle.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Ramakrishna Saripalli <rsaripal@....com>,
        linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de,
        mingo@...hat.com, hpa@...or.com, Jonathan Corbet <corbet@....net>,
        bsd@...hat.com
Subject: Re: [PATCH v4 1/1] x86/cpufeatures: Implement Predictive Store
 Forwarding control.

> > Then, it would be a problem if its guests want to use PSFD looking at
> > x86_virt_spec_ctrl().
>
> Well, will they want to do that? If so, why? Use case?
>
> We decided to do this lite version to give people the opportunity to
> evaluate whether there's a need to make full-blown mitigation-like,
> per-thread thing like the rest of the mitigations in bugs.c or leave it
> to be a chicken-bit thing.
>
> So do you have any particular use case in mind or are you simply poking
> holes in this?

I didn't mean a per-thread thing but per-VM, and I understand
the per-thread thing was dropped.
But doesn't the current plan include even the per-VM control?

Since the comments below from Ramakrishna (yesterday) mentioned
KVM/virtualization support, I assumed that there would be
per-VM control even in the current plan.
--------------------------------------------------------------
But I did test with KVM (with my patch that is not here) and I do not see
issues (meaning user space guest in QEMU is seeing PSF CPUID guest capability)
--------------------------------------------------------------
Yes this feature is needed for KVM/virtualization support.
--------------------------------------------------------------

Could you please clarify?

Thanks,
Reiji
