| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Jul 2021 19:32:42 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Revert "KVM: x86: WARN and reject loading KVM if NX is
supported but not enabled"
On 09/07/21 19:21, Sean Christopherson wrote:
> On Thu, Jul 08, 2021, Paolo Bonzini wrote:
>> On 25/06/21 02:18, Sean Christopherson wrote:
>>> Let KVM load if EFER.NX=0 even if NX is supported, the analysis and
>>> testing (or lack thereof) for the non-PAE host case was garbage.
>>>
>>> If the kernel won't be using PAE paging, .Ldefault_entry in head_32.S
>>> skips over the entire EFER sequence. Hopefully that can be changed in
>>> the future to allow KVM to require EFER.NX, but the motivation behind
>>> KVM's requirement isn't yet merged. Reverting and revisiting the mess
>>> at a later date is by far the safest approach.
>>>
>>> This reverts commit 8bbed95d2cb6e5de8a342d761a89b0a04faed7be.
>>>
>>> Fixes: 8bbed95d2cb6 ("KVM: x86: WARN and reject loading KVM if NX is supported but not enabled")
>>> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
>>> ---
>>>
>>> Hopefully it's not too late to just drop the original patch...
>>>
>>> arch/x86/kvm/x86.c | 3 ---
>>> 1 file changed, 3 deletions(-)
>>>
>>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>>> index 4a597aafe637..1cc02a3685d0 100644
>>> --- a/arch/x86/kvm/x86.c
>>> +++ b/arch/x86/kvm/x86.c
>>> @@ -10981,9 +10981,6 @@ int kvm_arch_hardware_setup(void *opaque)
>>> int r;
>>> rdmsrl_safe(MSR_EFER, &host_efer);
>>> - if (WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_NX) &&
>>> - !(host_efer & EFER_NX)))
>>> - return -EIO;
>>> if (boot_cpu_has(X86_FEATURE_XSAVES))
>>> rdmsrl(MSR_IA32_XSS, host_xss);
>>>
>>
>> So do we want this or "depends on X86_64 || X86_PAE"?
>
> Hmm, I'm leaning towards keeping !PAE support purely for testing the !PAE<->PAE
> MMU transitions for nested virtualization. It's not much coverage, and the !PAE
> NPT horror is a much bigger testing gap (because KVM doesn't support it), but on
> the other hand setting EFER.NX for !PAE kernels appears to be trivial, e.g.
>
> diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
> index 67f590425d90..bfbea25a9fe8 100644
> --- a/arch/x86/kernel/head_32.S
> +++ b/arch/x86/kernel/head_32.S
> @@ -214,12 +214,6 @@ SYM_FUNC_START(startup_32_smp)
> andl $~1,%edx # Ignore CPUID.FPU
> jz .Lenable_paging # No flags or only CPUID.FPU = no CR4
>
> - movl pa(mmu_cr4_features),%eax
> - movl %eax,%cr4
> -
> - testb $X86_CR4_PAE, %al # check if PAE is enabled
> - jz .Lenable_paging
> -
> /* Check if extended functions are implemented */
> movl $0x80000000, %eax
> cpuid
>
> My only hesitation is the risk of somehow breaking ancient CPUs by falling into
> the NX path. Maybe try forcing EFER.NX=1 for !PAE, and fall back to requiring
> PAE if that gets NAK'd or needs to be reverted for whatever reason?
>
For now let's revert anyway. Thanks!
Paolo
Powered by blists - more mailing lists