lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 20 Oct 2022 13:21:30 +0300
From:   Maxim Levitsky <mlevitsk@...hat.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        Borislav Petkov <bp@...en8.de>
Cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Tony Luck <tony.luck@...el.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        "David S. Miller" <davem@...emloft.net>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "Chang S. Bae" <chang.seok.bae@...el.com>,
        Jane Malalane <jane.malalane@...rix.com>,
        Kees Cook <keescook@...omium.org>,
        Kan Liang <kan.liang@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        Jiri Olsa <jolsa@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        linux-perf-users@...r.kernel.org,
        "open list:CRYPTO API" <linux-crypto@...r.kernel.org>
Subject: Re: [PATCH v2 1/5] perf/x86/intel/lbr: use setup_clear_cpu_cap
 instead of clear_cpu_cap

On Thu, 2022-10-20 at 17:05 +0800, Herbert Xu wrote:
> On Thu, Oct 20, 2022 at 10:59:48AM +0200, Borislav Petkov wrote:
> > I really really don't like it when people are fixing the wrong thing.
> > 
> > Why does the kernel need to get fixed when something else can't get its
> > CPUID dependencies straight? I don't even want to know why something
> > would set AVX2 without AVX?!?!
> 
> That's exactly what I said when this was first reported to me as
> a crypto bug :)

I agree with you, however this patch series is just refactoring/hardening of the kernel -
if the kernel can avoid crashing - why not.

Of course the hypervisor should not present such broken configurations to the guest - 
in fact the guest kernel can't fix this - guest userspace will still see wrong CPUID and
can still crash.

TL;DR - this patch series is not intended to workaround a broken hypervisor and such,
it is just a hardening against misconfiguration.

Best regards,
	Maxim Levitsky


> 
> Cheers,
> --
> Email: Herbert Xu <herbert@...dor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ