| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zhfzvv6_ZENQ1_7Z@google.com> Date: Thu, 11 Apr 2024 07:29:18 -0700 From: Sean Christopherson <seanjc@...gle.com> To: Xi Ruoyao <xry111@...111.site> Cc: Dave Hansen <dave.hansen@...ux.intel.com>, Michael Kelley <mhklinux@...look.com>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, linux-kernel@...r.kernel.org, Andrew Cooper <andrew.cooper3@...rix.com> Subject: Re: [PATCH v6] x86/mm: Don't disable INVLPG if "incomplete Global INVLPG flushes" is fixed by microcode or the kernel is running in a hypervisor On Thu, Apr 11, 2024, Xi Ruoyao wrote: > Per the "Processor Specification Update" documentations referred by the > intel-microcode-20240312 release note, this microcode release has fixed > the issue for all affected models. > > So don't disable INVLPG if the microcode is new enough. The precise > minimum microcode revision fixing the issue is provided by engineer from > Intel. > > And the erratum says: > > This erratum does not apply in VMX non-root operation. It applies > only when PCIDs are enabled and either in VMX root operation or > outside VMX operation. > > So if the kernel is running in a hypervisor, we are in VMX non-root > operation and we should be safe. This should be two separate patches, one to do the precise ucode update check, and one to keep PCID enabled for guests.
Powered by blists - more mailing lists