lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230823052007.GBZOWXBymcCUOoMax3@fat_crate.local>
Date:   Wed, 23 Aug 2023 07:20:07 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Andrew Cooper <andrew.cooper3@...rix.com>
Cc:     Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>,
        Babu Moger <babu.moger@....com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>, David.Kaplan@....com,
        Nikolay Borisov <nik.borisov@...e.com>,
        gregkh@...uxfoundation.org, Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 02/22] x86/srso: Set CPUID feature bits independently of
 bug or mitigation status

On Mon, Aug 21, 2023 at 04:06:19PM +0200, Borislav Petkov wrote:
> And I still don't know what exactly we're going to support when Linux
> runs as a guest. For example, live migration between Zen1/2 and Zen3/4
> won't work due to the alternatives patching, for example...
> 
> IBPB won't work either because we detect those feature bits only once
> during boot, like every other feature bit...

The lowest common denominator of features exposed to the guests, should
work, as I'm being told. As in, Zen2 and Zen3 should hide the SBPB bit
from the guests, for example.

Anything else like kernel code patching based on early detection of
features won't fly. But that has never flown anyway unless you don't
change that set of features.

I'm thinking if anyone cares really deeply about live migration, anyone
should say so and then we can see what cases we can support upstream. My
guess is those who do, have enough engineers to patch their kernel the
way they want it...

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ