| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0e3b8b42-4567-4db8-9f82-659d0ea10597@citrix.com>
Date: Fri, 5 Apr 2024 01:02:06 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Michael Kelley <mhklinux@...look.com>, Xi Ruoyao <xry111@...111.site>,
Dave Hansen <dave.hansen@...ux.intel.com>, Andy Lutomirski
<luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Dexuan Cui <decui@...rosoft.com>
Subject: Re: [PATCH v2] x86/mm: Don't disable INVLPG if "incomplete Global
INVLPG flushes" is fixed by microcode
On 04/04/2024 6:28 pm, Sean Christopherson wrote:
> On Thu, Apr 04, 2024, Andrew Cooper wrote:
>> A related example. I wrote the patch to hide XSAVES to work around an
>> AMD erratum where XSAVEC sufficed, and the consequences were so dire for
>> some versions of Windows that there was a suggestion to simply revert
>> the workaround to make VMs run again. Windows intentionally asserts
>> sanity (== expectations) in what it can see; I have no idea whether it
>> would object in this case but hiding PCID is definitely playing with fire.
> Yeah, KVM users got burned by that too. d52734d00b8e ("KVM: x86: Give a hint when
> Win2016 might fail to boot due to XSAVES erratum").
Yeah what I meant was that I wrote the Linux patch, and KVM got burnt
while Xen cared not... :)
> Hmm, one crazy idea would be to carve out a hypervisor CPUID range for enumerating
> (potentially) broken features. Dealing with the Intel/AMD (and Centaur, LOL),
> 0 / 0x8000_0000 split would be annoying, but not hard. E.g. use 0x4{0,8,C}01_xxxx
No transmeta love then? Or perhaps we declare it their fault for
choosing 0x8086 which is too awkward to fit into that scheme.
> to enumerate broken features, and then the guest could do:
>
> support = CPUID(leaf).reg & ~CPUID(to_pv_broken(leaf)).reg;
>
> It'd require a decent amount of churn for the initial support, but it would give
> hypervisors a way to inform guests that _any_ CPUID-based feature is broken,
> without requiring guest changes (after the initial code is merged) or explicit
> action from hardware vendors.
>
> And if we got Windows/Hyper-V in on the game, it would allow them to keep their
> sanity checks while (hopefully) degrading gracefully if a feature is enumerated
> as broken.
Crazy indeed, but I am curious to see if this has legs. The exact
indices may need tweaking, because 0x4x01_xxxx might be a little too
close for comfort, but at first glance it does look like a surprisingly
neat solution to the problem.
Perhaps worth a slot at plumbers?
~Andrew
Powered by blists - more mailing lists