Open Source and information security mailing list archives
 
Message-ID: <c2d96a84-64d2-b4b4-261d-e98612552ba0@citrix.com>
Date:   Wed, 6 Oct 2021 15:15:51 +0100
From:   Andrew Cooper <andrew.cooper3@...rix.com>
To:     Borislav Petkov <bp@...en8.de>,
        Jane Malalane <jane.malalane@...rix.com>
CC:     LKML <linux-kernel@...r.kernel.org>, <x86@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, Pu Wen <puwen@...on.cn>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        "Peter Zijlstra" <peterz@...radead.org>,
        Yazen Ghannam <Yazen.Ghannam@....com>,
        Brijesh Singh <brijesh.singh@....com>,
        Huang Rui <ray.huang@....com>,
        "Andy Lutomirski" <luto@...nel.org>,
        Kim Phillips <kim.phillips@....com>, <stable@...r.kernel.org>
Subject: Re: [PATCH] x86/cpu: Fix migration safety with X86_BUG_NULL_SEL

On 01/10/2021 15:19, Borislav Petkov wrote:
> On Fri, Oct 01, 2021 at 02:33:49PM +0100, Jane Malalane wrote:
>> Subject: Re: [PATCH] x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
>> ...
>> Currently, Linux probes for X86_BUG_NULL_SEL unconditionally which
>> makes it unsafe to migrate in a virtualised environment as the
>> properties across the migration pool might differ.
> Sorry but you need to explain "migration safety" in greater detail -
> we're not all virtualizers.

The case which goes wrong is this:

1. Zen1 (or earlier) and Zen2 (or later) in a migration pool
2. Linux boots on Zen2, probes and finds the absence of X86_BUG_NULL_SEL
3. Linux is then migrated to Zen1

Linux is now running on an X86_BUG_NULL_SEL-impacted CPU while believing
that the bug is fixed.

The only way to address the problem is to fully trust the "no longer
affected" CPUID bit when virtualised, because in the above case it would
be clear deliberately to indicate the fact "you might migrate to
somewhere which really is affected".

~Andrew
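
The migration case described in the message above, modelled as an added example (not kernel code and not part of the original message). The struct, the function names, the probe-on-bare-metal branch and the rule that a hypervisor advertises the "no longer affected" bit only when every host in the pool is fixed are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of one host in a migration pool. */
struct host { const char *name; bool hw_has_bug; };

/* Constructed sample pools. */
static const struct host mixed_pool[] = { {"Zen1", true}, {"Zen2", false} };
static const struct host zen2_pool[] = { {"Zen2-a", false}, {"Zen2-b", false} };

/* Assumed hypervisor policy: the "no longer affected" CPUID bit is shown
 * to the guest only if no host it could land on has the bug. */
static bool pool_advertises_fixed(const struct host *pool, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (pool[i].hw_has_bug)
            return false;
    return true;
}

/* Unconditional probe: the result reflects the boot host only. */
static bool flag_by_probe(const struct host *boot) { return boot->hw_has_bug; }

/* Approach from the message: when virtualised, trust the CPUID bit. */
static bool flag_by_cpuid(bool virtualised, bool fixed_bit, const struct host *boot)
{
    if (virtualised)
        return !fixed_bit;          /* bit clear => treat as affected */
    return boot->hw_has_bug;        /* bare metal: probing is safe (assumption) */
}

/* Unsafe state: running on affected silicon while believing it is fixed. */
static bool stale_after_move(bool bug_flag, const struct host *dest)
{
    return dest->hw_has_bug && !bug_flag;
}

bool probe_policy_unsafe(const struct host *pool, size_t boot, size_t dest)
{
    return stale_after_move(flag_by_probe(&pool[boot]), &pool[dest]);
}

bool cpuid_policy_unsafe(const struct host *pool, size_t n, size_t boot, size_t dest)
{
    bool bit = pool_advertises_fixed(pool, n);
    return stale_after_move(flag_by_cpuid(true, bit, &pool[boot]), &pool[dest]);
}

int main(void)
{
    printf("probe, boot Zen2 -> Zen1: unsafe=%d\n", probe_policy_unsafe(mixed_pool, 1, 0));
    printf("cpuid, boot Zen2 -> Zen1: unsafe=%d\n", cpuid_policy_unsafe(mixed_pool, 2, 1, 0));
    return 0;
}
```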
