lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZWTQuRpwPkutHY-D@google.com>
Date:   Mon, 27 Nov 2023 09:24:09 -0800
From:   Sean Christopherson <seanjc@...gle.com>
To:     "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it
 due to an errata

On Thu, Nov 23, 2023, Maciej S. Szmigiero wrote:
> From: "Maciej S. Szmigiero" <maciej.szmigiero@...cle.com>
> 
> Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17")
> kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs.
> 
> Since KVM CPU caps are initialized from the kernel boot CPU features this
> makes the XSAVES feature also unavailable for KVM guests in this case, even
> though they might want to decide on their own whether they are affected by
> this errata.
> 
> Allow KVM guests to make such decision by setting the XSAVES KVM CPU
> capability bit based on the actual CPU capability

This is not generally safe, as the guest can make such a decision if and only if
the Family/Model/Stepping information is reasonably accurate.

> This fixes booting Hyper-V enabled Windows Server 2016 VMs with more than
> one vCPU on Zen1/2 CPUs.

How/why does lack of XSAVES break a multi-vCPU setup?  Is Windows blindly doing
XSAVES based on FMS?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ