Open Source and information security mailing list archives
 
Message-ID: <pcxeiwgpu6gtxibfahadopifjkehgdcb2vfjovqrc5v6mogsuu@3kcetsllglen>
Date: Wed, 13 Mar 2024 09:38:24 +0100
From: Gerd Hoffmann <kraxel@...hat.com>
To: Xiaoyao Li <xiaoyao.li@...el.com>
Cc: Tao Su <tao1.su@...ux.intel.com>, kvm@...r.kernel.org, 
	Tom Lendacky <thomas.lendacky@....com>, Sean Christopherson <seanjc@...gle.com>, 
	Paolo Bonzini <pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, 
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, 
	"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 2/2] kvm/cpuid: set proper GuestPhysBits in
 CPUID.0x80000008

  Hi,

> > > -		entry->eax = phys_as | (virt_as << 8);
> > > +		entry->eax = phys_as | (virt_as << 8) | (g_phys_as << 16);
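Review bot: on the added `entry->eax` line, g_phys_as is shifted into bits 23:16 with no mask and no comment saying what the new field means, in particular what a guest should conclude from reading zero there. Nothing in the visible lines bounds g_phys_as to 8 bits, so a larger value would spill into bits 31:24; consider `(g_phys_as & 0xff) << 16` or a check where the value is computed, plus a short comment naming the field (GuestPhysBits, per the subject) and stating the meaning of zero.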
> > 
> > When g_phys_as==phys_as, I would suggest advertising g_phys_as==0,
> > otherwise an application can easily know whether it is in a VM; I’m
> > concerned this could be abused by applications.

There are *tons* of options to figure out whether you are running in a VM,
there is no need to go for this obscure way.

> IMO, this should be protected by userspace VMM, e.g., QEMU to set actual
> g_phys_as. On KVM side, KVM only reports the capability to userspace.

Yes, at the end of the day this is handled by qemu.

Current plan for qemu is to communicate it to the guest unconditionally
though.  When setting this only in case g_phys_as != phys_as the
firmware has the problem that it doesn't know the reason for finding
zero there.  Could be g_phys_as == phys_as, but could also be old kernel
/ qemu without GuestPhysBits support.  So the firmware doesn't know
whether it is safe to use phys_as.

take care,
  Gerd
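
The ambiguity described in the last paragraph, as an added example that is not part of the original message and is not KVM, qemu or firmware code. The policy enum, the function names and the sample bit widths (52/57/48) are hypothetical and constructed; only the EAX layout comes from the quoted patch line.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EAX layout as in the quoted patch line:
 * phys_as | (virt_as << 8) | (g_phys_as << 16) */
static uint32_t encode_eax(uint8_t phys_as, uint8_t virt_as, uint8_t g_phys_as)
{
    return (uint32_t)phys_as | ((uint32_t)virt_as << 8) | ((uint32_t)g_phys_as << 16);
}

/* Hypothetical names for the two advertisement policies discussed in the thread. */
enum policy { ADVERTISE_ALWAYS, ADVERTISE_ONLY_IF_DIFFERENT };

/* Host side. has_support == false models an old kernel/qemu that never fills the field. */
static uint32_t host_eax(bool has_support, enum policy p,
                         uint8_t phys_as, uint8_t virt_as, uint8_t g_phys_as)
{
    uint8_t field = 0;
    if (has_support && (p == ADVERTISE_ALWAYS || g_phys_as != phys_as))
        field = g_phys_as;
    return encode_eax(phys_as, virt_as, field);
}

/* Firmware side: returns true and sets *bits when the field is conclusive,
 * false when a zero leaves the guest-physical limit unknown. */
static bool firmware_guest_phys_bits(uint32_t eax, uint8_t *bits)
{
    uint8_t g_phys_as = (eax >> 16) & 0xff;
    if (g_phys_as == 0)
        return false;
    *bits = g_phys_as;
    return true;
}

int main(void)
{
    /* Constructed values: 52 physical / 57 virtual bits; the old host's real limit is 48. */
    uint32_t new_equal = host_eax(true, ADVERTISE_ONLY_IF_DIFFERENT, 52, 57, 52);
    uint32_t old_host = host_eax(false, ADVERTISE_ONLY_IF_DIFFERENT, 52, 57, 48);
    uint32_t always = host_eax(true, ADVERTISE_ALWAYS, 52, 57, 52);
    uint8_t bits = 0;

    printf("conditional: new=%#x old=%#x same=%d\n",
           (unsigned)new_equal, (unsigned)old_host, new_equal == old_host);
    printf("unconditional: %#x conclusive=%d\n",
           (unsigned)always, firmware_guest_phys_bits(always, &bits));
    return 0;
}
```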

