lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 8 Nov 2022 16:48:12 -0600
From:   Kim Phillips <kim.phillips@....com>
To:     Jim Mattson <jmattson@...gle.com>
Cc:     x86@...nel.org, Borislav Petkov <bp@...en8.de>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Joao Martins <joao.m.martins@...cle.com>,
        Jonathan Corbet <corbet@....net>,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Juergen Gross <jgross@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Tony Luck <tony.luck@...el.com>,
        Babu Moger <Babu.Moger@....com>,
        Tom Lendacky <thomas.lendacky@....com>, kvm@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] x86/speculation: Support Automatic IBRS under
 virtualization

On 11/7/22 4:42 PM, Jim Mattson wrote:
> On Mon, Nov 7, 2022 at 2:29 PM Kim Phillips <kim.phillips@....com> wrote:
>>
>> On 11/4/22 5:00 PM, Jim Mattson wrote:
>>> On Fri, Nov 4, 2022 at 2:38 PM Kim Phillips <kim.phillips@....com> wrote:
>>>>
>>>> VM Guests may want to use Auto IBRS, so propagate the CPUID to them.
>>>>
>>>> Co-developed-by: Babu Moger <Babu.Moger@....com>
>>>> Signed-off-by: Kim Phillips <kim.phillips@....com>
>>>
>>> The APM says that, under AutoIBRS, CPL0 processes "have IBRS
>>> protection." I'm taking this to mean only that indirect branches in
>>> CPL0 are not subject to steering from a less privileged predictor
>>> mode. This would imply that indirect branches executed at CPL0 in L1
>>> could potentially be subject to steering by code running at CPL0 in
>>> L2, since L1 and L2 share hardware predictor modes.
>>
>> That's true for AMD processors that don't support Same Mode IBRS, also
>> documented in the APM.
>>
>> Processors that support AutoIBRS also support Same Mode IBRS (see
>> CPUID Fn8000_0008_EBX[IbrsSameMode] (bit 19)).
>>
>>> Fortunately, there is an IBPB when switching VMCBs in svm_vcpu_load().
>>> But it might be worth noting that this is necessary for AutoIBRS to
>>> work (unless it actually isn't).
>>
>> It is needed, but not for kernel/CPL0 code, rather to protect one
>> guest's user-space code from another's.
> 
> The question is whether it's necessary when switching between L1 and
> L2 on the same vCPU of the same VM.
> 
> On the Intel side, this was (erroneously) optimized away in commit
> 5c911beff20a ("KVM: nVMX: Skip IBPB when switching between vmcs01 and
> vmcs02").

Then why hasn't it been reverted?

Does its rationale not make sense?:

     The IBPB is intended to prevent one guest from attacking another, which
     is unnecessary in the nested case as it's the same guest from KVM's
     perspective.

Thanks,

Kim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ