lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Nov 2023 08:48:22 -0800
From:   Sean Christopherson <seanjc@...gle.com>
To:     "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it
 due to an errata

On Mon, Nov 27, 2023, Maciej S. Szmigiero wrote:
> On 27.11.2023 18:24, Sean Christopherson wrote:
> > On Thu, Nov 23, 2023, Maciej S. Szmigiero wrote:
> > > From: "Maciej S. Szmigiero" <maciej.szmigiero@...cle.com>
> > > 
> > > Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17")
> > > kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs.
> > > 
> > > Since KVM CPU caps are initialized from the kernel boot CPU features this
> > > makes the XSAVES feature also unavailable for KVM guests in this case, even
> > > though they might want to decide on their own whether they are affected by
> > > this errata.
> > > 
> > > Allow KVM guests to make such decision by setting the XSAVES KVM CPU
> > > capability bit based on the actual CPU capability
> > 
> > This is not generally safe, as the guest can make such a decision if and only if
> > the Family/Model/Stepping information is reasonably accurate.
> 
> If one lies to the guest about the CPU it is running on then obviously
> things may work non-optimally.

But this isn't about running optimally, it's about functional correctness.  And
"lying" to the guest about F/M/S is extremely common.

> > > This fixes booting Hyper-V enabled Windows Server 2016 VMs with more than
> > > one vCPU on Zen1/2 CPUs.
> > 
> > How/why does lack of XSAVES break a multi-vCPU setup?  Is Windows blindly doing
> > XSAVES based on FMS?
> 
> The hypercall from L2 Windows to L1 Hyper-V asking to boot the first AP
> returns HV_STATUS_CPUID_XSAVE_FEATURE_VALIDATION_ERROR.

If it's just about CPUID enumeration, then userspace can simply stuff the XSAVES
feature flag.  This is not something that belongs in KVM, because this is safe if
and only if F/M/S is accurate and the guest is actually aware of the erratum (or
will not actually use XSAVES for other reasons), neither of which KVM can guarantee.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ