| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Mar 2024 16:55:04 +0800 From: Yan Zhao <yan.y.zhao@...el.com> To: "Tian, Kevin" <kevin.tian@...el.com> CC: Sean Christopherson <seanjc@...gle.com>, "jgg@...dia.com" <jgg@...dia.com>, Paolo Bonzini <pbonzini@...hat.com>, Lai Jiangshan <jiangshanlai@...il.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Josh Triplett" <josh@...htriplett.org>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "rcu@...r.kernel.org" <rcu@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Yiwei Zhang <zzyiwei@...gle.com> Subject: Re: [PATCH 5/5] KVM: VMX: Always honor guest PAT on CPUs that support self-snoop > We'll certain fix the security hole on CPUs w/ self-snoop. In this case > CPU accesses are guaranteed to be coherent and the vulnerability can > only be exposed via non-coherent DMA which is supposed to be fixed > by your coming series. > > But for old CPUs w/o self-snoop the hole can be exploited using either CPU > or non-coherent DMA once the guest PAT is honored. As long as nobody > is willing to actually fix the CPU path (is it possible?) I'm kind of convinced We can cook a patch to check CPU self-snoop and force WB in EPT even for non-coherent DMA if no self-snoop. Then back porting such a patch together with the IOMMU side mitigation for non-coherent DMA. Otherwise, IOMMU side mitigation alone is meaningless for platforms of CPU of no self-snoop. > by Sean that sustaining the old behavior is probably the best option... Yes, as long as we think exposing secuirty hole on those platforms is acceptable.
Powered by blists - more mailing lists