lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210907053816.qldtcxkxxv7hkzgv@gupta-dev2.localdomain>
Date:   Mon, 6 Sep 2021 22:38:16 -0700
From:   Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To:     Hao Peng <flyingpenghao@...il.com>
Cc:     Xiaoyao Li <xiaoyao.li@...el.com>, Borislav Petkov <bp@...en8.de>,
        tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/tsx: clear RTM and HLE when MSR_IA32_TSX_CTRL is not
 supported

On 07.09.2021 12:39, Hao Peng wrote:
>On Tue, Sep 7, 2021 at 12:26 PM Xiaoyao Li <xiaoyao.li@...el.com> wrote:
>>
>> On 9/7/2021 11:40 AM, Hao Peng wrote:
>> > On Tue, Sep 7, 2021 at 10:56 AM Xiaoyao Li <xiaoyao.li@...el.com> wrote:
>> >>
>> >> On 9/7/2021 10:35 AM, Hao Peng wrote:
>> >>> On Tue, Sep 7, 2021 at 10:08 AM Xiaoyao Li <xiaoyao.li@...el.com> wrote:
>> >>>>
>> >>>> On 9/7/2021 9:47 AM, Hao Peng wrote:
>> >>>>> On Mon, Sep 6, 2021 at 5:30 PM Borislav Petkov <bp@...en8.de> wrote:
>> >>>>>>
>> >>>>>> On Mon, Sep 06, 2021 at 10:46:05AM +0800, Hao Peng wrote:
>> >>>>>>> If hypervisor does not support MSR_IA32_TSX_CTRL, but guest supports
>> >>>>>>> RTM and HLE features, it will affect TAA mitigation.
>> >>>>>>>
>> >>>>>>> Signed-off-by: Peng Hao <flyingpeng@...cent.com>
>> >>>>>>> ---
>> >>>>>>>     arch/x86/kernel/cpu/tsx.c | 7 +++++++
>> >>>>>>>     1 file changed, 7 insertions(+)
>> >>>>>>>
>> >>>>>>> diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
>> >>>>>>> index 9c7a5f049292..5e852c14fef2 100644
>> >>>>>>> --- a/arch/x86/kernel/cpu/tsx.c
>> >>>>>>> +++ b/arch/x86/kernel/cpu/tsx.c
>> >>>>>>> @@ -122,6 +122,13 @@ void __init tsx_init(void)
>> >>>>>>>
>> >>>>>>>            if (!tsx_ctrl_is_supported()) {
>> >>>>>>>                    tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED;
>> >>>>>>> +
>> >>>>>>> +               /* If hypervisor does not support MSR_IA32_TSX_CTRL emulation,
>> >>>>>>> +                * but guest supports RTM and HLE features, it will affect TAA
>> >>>>>>> +                * (tsx_async_abort)mitigation.
>> >>>>>>> +                */
>> >>>>>>> +               setup_clear_cpu_cap(X86_FEATURE_RTM);
>> >>>>>>> +               setup_clear_cpu_cap(X86_FEATURE_HLE);
>> >>>>
>> >>>> anyway, IMHO, we shouldn't do anything here for TAA. It should be in
>> >>>> taa_select_mitigation()
>> >>>>
>> >>>>>>>                    return;
>> >>>>>>>            }
>> >>>>>>
>> >>>>>> How does that even happen - the hypervisor does not support the MSR but
>> >>>>>> "guest supports" TSX features?!
>> >>>>>>
>> >>>>>> I guess the guest is detecting it wrong.
>> >>>>>>
>> >>>>>> What hypervisor, what guest, how do I reproduce?
>> >>>>>>
>> >>>>> hypervisor is kvm, guest is linux too.
>> >>>>>> Please give full details.
>> >>>>>>
>> >>>>> The host I used is kernel-5.4, and guest is kernel-5.13.
>> >>>>> MSR_IA32_TSX_CTRL is exposed
>> >>>>> to guest and guest to support RTM and HLE features, no direct
>> >>>>> dependence. at the qemu I
>> >>>>> started guest with -cpu host-model.
>> >>>>> I have viewed the code of kernel-5.4, and MSR_IA32_TSX_CTRL is not
>> >>>>> exposed to guest.
>> >>>>
>> >>>> Does guest see TAA_NO bit?
>> >>>>
>> >>> Guest can't see taa_no, which requires updating qemu to solve. But I think
>> >>> there is a compatibility process here.
>> >>
>> >> Anyway, there should be some existing code in kernel already to handle
>> >> the case that CPUID reports TRM while MSR_IA32_CORE_CAPABILITIES doesn't
>> >> report MSR_TSX_CTRL nor TAA_NO.
>> >>
>> > Can you point out which patches ? At present, guest is kernel-5.13
>> > still has this problem.
>>
>> What's the output of 'cat
>> /sys/devices/system/cpu/vulnerabilities/tsx_async_abort' on your guest?
>>
>Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown.

This suggests that the microcode is old. Can you please share the output
of below cmds on host and guest:

	$ grep . /sys/devices/system/cpu/vulnerabilities/*
	$ lscpu
	$ grep microcode /proc/cpuinfo | uniq
	$ cat /proc/cmdline

Thanks,
Pawan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ