| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <13E3F717-2938-430F-BA8B-70DD87962344@nutanix.com>
Date: Fri, 20 May 2022 20:14:01 +0000
From: Jon Kohler <jon@...anix.com>
To: Sean Christopherson <seanjc@...gle.com>
CC: Jon Kohler <jon@...anix.com>, Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Kees Cook <keescook@...omium.org>,
Waiman Long <longman@...hat.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] KVM: VMX: do not disable interception for
MSR_IA32_SPEC_CTRL on eIBRS
> On May 20, 2022, at 4:06 PM, Sean Christopherson <seanjc@...gle.com> wrote:
>
> On Fri, May 20, 2022, Jon Kohler wrote:
>>
>>> On May 18, 2022, at 10:23 AM, Jon Kohler <jon@...anix.com> wrote:
>>>
>>>> On May 17, 2022, at 9:42 PM, Sean Christopherson <seanjc@...gle.com> wrote:
>>>>> + if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) && data == BIT(0)) {
>>>>
>>>> Use SPEC_CTRL_IBRS instead of open coding "BIT(0)", then a chunk of the comment
>>>> goes away.
>>>>
>>>>> + vmx->spec_ctrl = data;
>>>>> + break;
>>>>> + }
>>>>
>>>> There's no need for a separate if statement. And the boot_cpu_has() check can
>>>> be dropped, kvm_spec_ctrl_test_value() has already verified the bit is writable
>>>> (unless you're worried about bit 0 being used for something else?)
>>
>> I was (and am) worried about misbehaving guests on pre-eIBRS systems spamming IBRS
>> MSR, which we wouldn’t be able to see today. Intel’s guidance for eIBRS has long been
>> set it once and be done with it, so any eIBRS aware guest should behave nicely with that.
>> That limits the blast radius a bit here.
>
> Then check the guest capabilities, not the host flag.
>
> if (data == SPEC_CTRL_IBRS &&
> (vcpu->arch.arch_capabilities & ARCH_CAP_IBRS_ALL))
So I originally did that in my first internal patch; however, the code you wrote is
effectively the code I wrote, because cpu_set_bug_bits() already does that exact
same thing when it sets up X86_FEATURE_IBRS_ENHANCED.
Is the boot cpu check more expensive than checking the vCPU perhaps? Otherwise,
checking X86_FEATURE_IBRS_ENHANCED seemed like it might be easier
understand for future onlookers, as thats what the rest of the kernel keys off of
when checking for eIBRS (e.g. in bugs.c etc).
>> Sent out the v2 just now with a few minor tweaks, only notable one was keeping
>> the boot cpu check and small tweaks to comments here and there to suit.
>
> In the future, give reviewers a bit of time to respond to a contented point before
> sending out the next revision, e.g. you could have avoided v3 :-)
Thanks for the feedback/coaching. Still getting my legs under me for LKML, I
appreciate the kindness, thank you!
Powered by blists - more mailing lists