| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Feb 2023 22:24:16 +0000
From: Takahiro Itazuri <itazur@...zon.com>
To: <bp@...en8.de>
CC: <dave.hansen@...ux.intel.com>, <itazur@...zon.com>,
<kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<mingo@...hat.com>, <pbonzini@...hat.com>, <seanjc@...gle.com>,
<tglx@...utronix.de>, <x86@...nel.org>, <zulinx86@...il.com>
Subject: Re: [PATCH 0/2] KVM: x86: Propagate AMD-specific IBRS bits to guests
Date: Tue, 28 Feb 2023 21:45:56 +0100
From: Borislav Petkov <bp@...en8.de>
> So you mean we should stick *all* CPUID leafs in there just because
> anything can run in guests?
>
> What is the hypervisor then for?
I'm still a kernel newbie and I don't have a strong opinion for that.
I just thought it would be helpful if the KVM_GET_SUPPORTED_CPUID API
returns the same security information as the host, as long as it is
harmless. I'm inclined to withdraw this patch if it is not worth
enough.
> Really? Says who?
>
> $ grep -r . /sys/devices/system/cpu/vulnerabilities/
>
> gives you all you need to know.
>
> And if something's missing, then I'm listening.
"De facto standard" was too much. I apologize for my incorrect
expression and poor English. What I wanted to say is that the script
was introduced as a useful tool by Intel and SLES and it provides some
additional information (IBRS always-on in this case).
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/spectre-and-meltdown-checker-script.html
https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-spectre.html
Best regards,
Takahiro Itazuri
Powered by blists - more mailing lists