lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y/SkAqvl8YCZXAnB@zn.tnic>
Date:   Tue, 21 Feb 2023 11:59:14 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Andrew Cooper <andrew.cooper3@...rix.com>
Cc:     KP Singh <kpsingh@...nel.org>, Dave Hansen <dave.hansen@...el.com>,
        Josh Poimboeuf <jpoimboe@...nel.org>,
        linux-kernel@...r.kernel.org, pjt@...gle.com, evn@...gle.com,
        tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
        x86@...nel.org, hpa@...or.com, peterz@...radead.org,
        pawan.kumar.gupta@...ux.intel.com, kim.phillips@....com,
        alexandre.chartre@...cle.com, daniel.sneddon@...ux.intel.com,
        José Oliveira <joseloliveira11@...il.com>,
        Rodrigo Branco <rodrigo@...nelhacking.com>,
        Alexandra Sandulescu <aesa@...gle.com>,
        Jim Mattson <jmattson@...gle.com>
Subject: Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2
 protection with KERNEL_IBRS

On Mon, Feb 20, 2023 at 11:30:46PM +0000, Andrew Cooper wrote:
> 1) Intel's legacy IBRS
> 2) AMD's regular IBRS

Yeah, we don't do that in the kernel.

> 3) AMD's AutoIBRS
> 
> which all have different relevant behaviours for userspace.  Just so
> it's written out coherently in at least one place...
> 
> When SEV-SNP is enabled in firmware, whether or not it's being used by
> software, AutoIBRS keeps indirect predictions inhibited in all of
> ASID0.  That's all host userspace to the non-hypervisor devs reading
> this thread.

Yap.

> For any AMD configuration setting STIBP, there must be an IBPB after
> having set STIBP.   Setting STIBP alone does not evict previously
> created shared predictions.  This one can go subtly wrong for anyone who
> assumes that Intel STIBP and AMD STIBP have the same behaviour.

We will IBPB eventually... on the next context switch.

> Furthermore, extra care needs taking on vmexit because transitioning
> from the guest STIBP setting to the host STIBP setting can leave shared
> predictions intact.

>From what I can tell from looking at the SVM code, we don't do anything
special there when restoring SPEC_CTRL.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ