lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CALMp9eT2+299s3DE=q8AnDnMXj+H249dzytmHw6EqnRqCaqsVw@mail.gmail.com>
Date:   Mon, 16 May 2022 17:35:38 -0700
From:   Jim Mattson <jmattson@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Eduardo Habkost <ehabkost@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        kvm@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org,
        KarimAllah Ahmed <karahmed@...zon.de>,
        David Woodhouse <dwmw2@...radead.org>
Subject: Re: [PATCH] kvm: x86: Report STIBP on GET_SUPPORTED_CPUID

On Fri, Dec 14, 2018 at 2:55 AM Paolo Bonzini <pbonzini@...hat.com> wrote:
>
> On 05/12/18 20:19, Eduardo Habkost wrote:
> > Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
> > to the guest, which makes STIBP available to guests.  This was implemented
> > by commits d28b387fb74d ("KVM/VMX: Allow direct access to
> > MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to
> > MSR_IA32_SPEC_CTRL").
> >
> > However, we never updated GET_SUPPORTED_CPUID to let userspace know that
> > STIBP can be enabled in CPUID.  Fix that by updating
> > kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features.
> >
> > Signed-off-by: Eduardo Habkost <ehabkost@...hat.com>
> > ...
> Queued, thanks.
>
> Paolo


On second thought, I believe this is premature. KVM does not currently
support Intel's STIBP.

>From volume 4 of the SDM, "Prevents indirect branch predictions on
*all* logical processors on the core from being controlled by any
sibling logical processor in the same core." (emphasis mine)

In particular, if two virtual HT siblings are running on different
physical cores, and one of them sets IA32_SPEC_CTRL.STIBP, KVM must
intercept the MSR write, track down the sibling vCPU thread, and
ensure that IA32_SPEC_CTRL.STIBP is set on its logical processor.
Moreover, whenever a vCPU thread migrates to a new logical processor,
IA32_SPEC_CTRL.STIBP on the logical processor must be set to the
logical or of the vCPU thread's own IA32_SPEC_CTRL.STIBP value and its
sibling vCPU thread's IA32_SPEC_CTRL.STIBP value. Note that this
implies that IA32_SPEC_CTRL cannot be a pass-through MSR.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ