lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <86cz0ywx5p.wl-maz@kernel.org>
Date:   Tue, 11 Jul 2023 11:38:26 +0100
From:   Marc Zyngier <maz@...nel.org>
To:     "Aiqun(Maria) Yu" <quic_aiquny@...cinc.com>
Cc:     <will@...nel.org>, <corbet@....net>, <catalin.marinas@....com>,
        <quic_pkondeti@...cinc.com>, <quic_kaushalk@...cinc.com>,
        <quic_satyap@...cinc.com>, <quic_shashim@...cinc.com>,
        <quic_songxue@...cinc.com>, <linux-doc@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH] arm64: Add the arm64.nolse_atomics command line option

On Tue, 11 Jul 2023 11:12:48 +0100,
"Aiqun(Maria) Yu" <quic_aiquny@...cinc.com> wrote:
> 
> For the KVM part, per my understanding, as long as the current feature
> id being overriden, the KVM system also get the current vcpu without
> the lse atomic feature enabled.
> KVM vcpu will read the sys reg from host arm64_ftr_regs which is
> already been controled by the idreg_overrides.

You're completely missing the point.

The guest is free to map memory as non-cacheable *and* to use LSE
atomics even if the idregs pretend this is not available. At which
point the HW throws a fit and the system is dead. Is that acceptable?
Of course not.

So there are two aspects to your problem:

- for Linux, there is nothing to do: the kernel will correctly behave,
  and as long as you don't expose non-cacheable memory to userspace.
  Out of tree drivers are none of our concern here.

- for guests, it looks like the HW doesn't provide the basic
  requirements for virtualisation, and you should always disable KVM
  on this HW (or even better, enter the kernel at EL1).

In both cases, nothing to do in the kernel, which is good news.

	M.

-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ