lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 7 Nov 2022 14:42:37 -0800
From:   Jim Mattson <jmattson@...gle.com>
To:     Kim Phillips <kim.phillips@....com>
Cc:     x86@...nel.org, Borislav Petkov <bp@...en8.de>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Joao Martins <joao.m.martins@...cle.com>,
        Jonathan Corbet <corbet@....net>,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Juergen Gross <jgross@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Tony Luck <tony.luck@...el.com>,
        Babu Moger <Babu.Moger@....com>,
        Tom Lendacky <thomas.lendacky@....com>, kvm@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] x86/speculation: Support Automatic IBRS under virtualization

On Mon, Nov 7, 2022 at 2:29 PM Kim Phillips <kim.phillips@....com> wrote:
>
> On 11/4/22 5:00 PM, Jim Mattson wrote:
> > On Fri, Nov 4, 2022 at 2:38 PM Kim Phillips <kim.phillips@....com> wrote:
> >>
> >> VM Guests may want to use Auto IBRS, so propagate the CPUID to them.
> >>
> >> Co-developed-by: Babu Moger <Babu.Moger@....com>
> >> Signed-off-by: Kim Phillips <kim.phillips@....com>
> >
> > The APM says that, under AutoIBRS, CPL0 processes "have IBRS
> > protection." I'm taking this to mean only that indirect branches in
> > CPL0 are not subject to steering from a less privileged predictor
> > mode. This would imply that indirect branches executed at CPL0 in L1
> > could potentially be subject to steering by code running at CPL0 in
> > L2, since L1 and L2 share hardware predictor modes.
>
> That's true for AMD processors that don't support Same Mode IBRS, also
> documented in the APM.
>
> Processors that support AutoIBRS also support Same Mode IBRS (see
> CPUID Fn8000_0008_EBX[IbrsSameMode] (bit 19)).
>
> > Fortunately, there is an IBPB when switching VMCBs in svm_vcpu_load().
> > But it might be worth noting that this is necessary for AutoIBRS to
> > work (unless it actually isn't).
>
> It is needed, but not for kernel/CPL0 code, rather to protect one
> guest's user-space code from another's.

The question is whether it's necessary when switching between L1 and
L2 on the same vCPU of the same VM.

On the Intel side, this was (erroneously) optimized away in commit
5c911beff20a ("KVM: nVMX: Skip IBPB when switching between vmcs01 and
vmcs02").

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ