lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 25 Oct 2022 21:25:57 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        jmattson@...gle.com
Subject: Re: [PATCH] KVM: x86: Do not expose the host value of CPUID.8000001EH

On Tue, Oct 25, 2022, Paolo Bonzini wrote:
> On 10/25/22 18:46, Sean Christopherson wrote:
> > On Sat, Oct 22, 2022, Paolo Bonzini wrote:
> > > Several fields of CPUID.8000001EH (ExtendedApicId in EAX[31:0],
> > > CoreId in EBX[7:0], NodeId in ECX[7:0]) vary on each processor,
> > > and it is simply impossible to fit the right values in the
> > > KVM_GET_SUPPORTED_CPUID API, in such a way that they can be
> > > passed to KVM_SET_CPUID2.
> > 
> > The same is true for 0xb and 0x1f, why delete 0x8000001e but keep those? I agree
> > that KVM_GET_SUPPORTED_CPUID can't get this right, but KVM can at least be
> > consistent with itself.
> 
> 0xb and 0x1f are already special cased because EDX is set to the X2APIC id.
> KVM knows how to do that unlike the NodeId and CoreId.

But KVM doesn't properly support 0xB/0x1F.  E.g. if usersepace regurgitates
KVM_GET_SUPPORTED_CPUID back into KVM_SET_CPUID2, all vCPUs will observe the same
x2APIC ID in EDX, and it will be a host x2APIC ID to boot.

KVM only handles the where userspace provides 0xB.1 (or 0x1F.1), the guest performs
CPUID with ECX>1, _and_ userspace doesn't provide the exact CPUID entry. 

I suppose one could argue that KVM needs to communicate to userspace that KVM
emulates the edge case behavior of CPUID 0xB and 0x1F, but I would argue that KVM
communicates that by announcing a max basic leaf >= 0xB/0x1F.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ