lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZhgOPRIA5lyhTfGs@google.com>
Date: Thu, 11 Apr 2024 09:22:21 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Xi Ruoyao <xry111@...111.site>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>, Michael Kelley <mhklinux@...look.com>, 
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, 
	Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, 
	linux-kernel@...r.kernel.org, Andrew Cooper <andrew.cooper3@...rix.com>
Subject: Re: [PATCH v7 2/2] x86/mm: Don't disable INVLPG if the kernel is
 running on a hypervisor

s/INVLPG/PCID again

On Thu, Apr 11, 2024, Xi Ruoyao wrote:
> The Intel erratum for "incomplete Global INVLPG flushes" says:
> 
>     This erratum does not apply in VMX non-root operation. It applies
>     only when PCIDs are enabled and either in VMX root operation or
>     outside VMX operation.
> 
> So if the kernel is running in a hypervisor, we are in VMX non-root

No, this is not strictly true.  The HYPERVISOR flag only states that the kernel
is running as a guest, it doesn't say anything about what mode the guest is run
in.  E.g. a fully PV guest running at CPL3 isn't in VMX non-root mode.  Ditto for
a fully emulated environment.

Of course, in such a setup the hypervisor really shouldn't be advertising PCID
support, and I've no idea if Xen PV (or any other PV mode) even shoves guest PCIDs
into hardware, i.e. PCID might be emulated and thus not subject to the hardware
bug.

In other words, simply checking HYPERVISOR *might* be safe, but it might not.
If we wanted to be paranoid, this could also check X86_FEATURE_VMX, which also
doesn't guarantee VMX non-root mode and would unnecessarily restrict PCID usage
to setups that allow nested VMX, but AFAIK there aren't any hypervisors which
fully emulate VMX.

> operation and we should be safe to use INVLPG.

s/INVLPG/PCID

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ