lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YW3Lhwzux0K1P72e@zn.tnic>
Date:   Mon, 18 Oct 2021 21:31:19 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     "H. Peter Anvin" <hpa@...or.com>
Cc:     Jane Malalane <jane.malalane@...rix.com>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Pu Wen <puwen@...on.cn>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        Yazen Ghannam <Yazen.Ghannam@....com>,
        Brijesh Singh <brijesh.singh@....com>,
        Huang Rui <ray.huang@....com>,
        Andy Lutomirski <luto@...nel.org>,
        Kim Phillips <kim.phillips@....com>, stable@...r.kernel.org
Subject: Re: [PATCH v2] x86/cpu: Fix migration safety with X86_BUG_NULL_SEL

On Mon, Oct 18, 2021 at 12:10:20PM -0700, H. Peter Anvin wrote:
> AFAIK no Intel CPU has ever had that behavior, and always cleared the
> segments; I don't Intel has any plans of supporting such a CPUID bit
> (although I'd certainly be willing to take such a request back to the
> CPU teams on request.)

No need - we can always set or clear a flag on Intel, depending on what
we do.

> That being said, this sounds like an ideal use for the hypervisor CPU
> feature flag.

Yap, it uses it.

> Maybe we should consider a migration hypervisor flag too to explicitly
> tell the kernel not to rely on hardware probing that breaks migration
> in general.

Meh, migration-specific flag calls for all kinds of nasty when each
HV would want different things to happen in the guest, for migration.
And then the patch flood will come. I mean, we already do a bunch of
X86_FEATURE_HYPERVISOR all over the place and apparently it is enough
here too...

> Now, with a CPUID but being introduced, the right thing would be to
> use the CPUID bit as a feature instead of using a bug flag, and add
> whitelisting in the vendor-specific code as applicable.

I guess we can flip all that logic checking X86_BUG_NULL_SEG... it
sounds like a lot of churn to me, though and I don't see a pressing need
for it unless someone is bored and wants to do some kernel patching
exercises but whatever...

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ