| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Apr 2024 13:38:33 +0800 From: Xi Ruoyao <xry111@...111.site> To: Andrew Cooper <andrew.cooper3@...rix.com>, Sean Christopherson <seanjc@...gle.com>, Michael Kelley <mhklinux@...look.com> Cc: Dave Hansen <dave.hansen@...el.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Dexuan Cui <decui@...rosoft.com> Subject: Re: [PATCH v2] x86/mm: Don't disable INVLPG if "incomplete Global INVLPG flushes" is fixed by microcode On Tue, 2024-04-09 at 08:56 +0100, Andrew Cooper wrote: > On 09/04/2024 2:43 am, Sean Christopherson wrote: > > On Mon, Apr 08, 2024, Michael Kelley wrote: > > > From: Dave Hansen <dave.hansen@...el.com> Sent: Thursday, April 4, 2024 11:09 AM > > > > On 4/4/24 10:48, Michael Kelley wrote: > > > > > I agree one could argue that it is a hypervisor bug to present PCID to the guest > > > > > in this situation. It's a lot cleaner to not have a guest be checking FMS and > > > > > microcode versions. But whether that's practical in the real world, at least > > > > > for Hyper-V, I don't know. What's the real impact of running with PCID while > > > > > the flaw is still present? I don’t know the history here .. > > > > There's a chance that INVLPG will appear ineffective. > > > > > > > > The bad sequence would go something like this: The kernel does the > > > > INVLPG on a global mapping. Later, when switching PCIDs, the TLB entry > > > > mysteriously reappears. No PCIDs switching means no mysterious > > > > reappearance. > > > Xi Ruoyao's patch identifies these errata: RPL042 and ADL063. In the links > > > to the documents Xi provided, both of these errata have the following > > > statement in the Errata Details section: > > > > > > This erratum does not apply in VMX non-root operation. It applies only > > > when PCIDs are enabled and either in VMX root operation or outside > > > VMX operation. > > > > > > I don't have deep expertise on the terminology here, but this sounds > > > like it is saying the erratum doesn’t apply in a guest VM. Or am I > > > misunderstanding? > > Huh. My read of that is the same as yours. If that's the case, then it probably > > makes sense to have KVM advertise support if PCID is available in hardware, even > > if PCID is disabled by the host kernel. > > My reading is the same also. Seems like VMs are fine. So... Should I sent a v6 with the hypervisor checking reverted [ i.e. always enable PCID if boot_cpu_has(X86_FEATURE_HYPERVISOR) ]? -- Xi Ruoyao <xry111@...111.site> School of Aerospace Science and Technology, Xidian University
Powered by blists - more mailing lists