lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <YW3LJdztZom+xQHv@google.com> Date: Mon, 18 Oct 2021 19:29:41 +0000 From: Sean Christopherson <seanjc@...gle.com> To: Borislav Petkov <bp@...en8.de> Cc: Jane Malalane <jane.malalane@...rix.com>, LKML <linux-kernel@...r.kernel.org>, x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Pu Wen <puwen@...on.cn>, Paolo Bonzini <pbonzini@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Andrew Cooper <andrew.cooper3@...rix.com>, Yazen Ghannam <Yazen.Ghannam@....com>, Brijesh Singh <brijesh.singh@....com>, Huang Rui <ray.huang@....com>, Andy Lutomirski <luto@...nel.org>, Kim Phillips <kim.phillips@....com>, stable@...r.kernel.org Subject: Re: [PATCH v2] x86/cpu: Fix migration safety with X86_BUG_NULL_SEL On Mon, Oct 18, 2021, Borislav Petkov wrote: > On Wed, Oct 13, 2021 at 03:22:30PM +0100, Jane Malalane wrote: > Totally untested of course. > > static void early_probe_null_seg_clearing_base(struct cpuinfo_x86 *c) > { > /* > * A hypervisor may sythesize the bit, but may also hide it > * for migration safety, so do not probe for model-specific > * behaviour when virtualised. > */ > if (cpu_has(c, X86_FEATURE_HYPERVISOR)) This isn't correct. When running as a guest, the intended behavior is to fully trust the CPUID.0x80000021 bit. If bit 6 is set, yay, the hypervisor has told the kernel that it will only ever run on hardware without the bug. If bit 6 is clear and HYPERVISOR is true, then the FMS crud can't be trusted because the kernel _may_ run on affected hardware in the future even if the current underlying hardware is not affected. > return; > > /* Zen3 CPUs advertise Null Selector Clears Base in CPUID. */ > if (c->extended_cpuid_level >= 0x80000021 && cpuid_eax(0x80000021) & BIT(6)) > return; > > /* Zen2 CPUs also have this behaviour, but no CPUID bit. */ > if (c->x86 == 0x17 && check_null_seg_clears_base(c)) > return; > > /* All the remaining ones are affected */ > set_cpu_bug(c, X86_BUG_NULL_SEG); > } ... > > @@ -1457,8 +1457,6 @@ static void generic_identify(struct cpuinfo_x86 *c) > > > > get_model_name(c); /* Default name */ > > > > - detect_null_seg_behavior(c); > > - > > /* > > * ESPFIX is a strange bug. All real CPUs have it. Paravirt > > * systems that run Linux at CPL > 0 may or may not have the > > So this function is called on all x86 CPUs. Are you sure others besides > AMD and Hygon do not have the same issue? > > IOW, I wouldn't remove that call here. I agree. If the argument for this patch is that the kernel can be migrated to older hardware, then it stands to reason that the kernel could also be migrated to a different CPU vendor entirely. E.g. start on Intel, migrate to Zen1, kaboom.
Powered by blists - more mailing lists