| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 May 2024 16:33:17 -0700 From: Sean Christopherson <seanjc@...gle.com> To: Rick P Edgecombe <rick.p.edgecombe@...el.com> Cc: Weijiang Yang <weijiang.yang@...el.com>, Chao Gao <chao.gao@...el.com>, Dave Hansen <dave.hansen@...el.com>, "x86@...nel.org" <x86@...nel.org>, "peterz@...radead.org" <peterz@...radead.org>, "john.allen@....com" <john.allen@....com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mlevitsk@...hat.com" <mlevitsk@...hat.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "pbonzini@...hat.com" <pbonzini@...hat.com> Subject: Re: [PATCH v10 24/27] KVM: x86: Enable CET virtualization for VMX and advertise to userspace On Mon, May 06, 2024, Rick P Edgecombe wrote: > On Mon, 2024-05-06 at 17:19 +0800, Yang, Weijiang wrote: > > On 5/2/2024 7:15 AM, Sean Christopherson wrote: > > > On Sun, Feb 18, 2024, Yang Weijiang wrote: > > > > @@ -696,6 +697,20 @@ void kvm_set_cpu_caps(void) > > > > kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); > > > > if (boot_cpu_has(X86_FEATURE_AMD_SSBD)) > > > > kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL_SSBD); > > > > + /* > > > > + * Don't use boot_cpu_has() to check availability of IBT because > > > > the > > > > + * feature bit is cleared in boot_cpu_data when ibt=off is applied > > > > + * in host cmdline. > > > I'm not convinced this is a good reason to diverge from the host kernel. > > > E.g. PCID and many other features honor the host setup, I don't see what > > > makes IBT special. > > > > This is mostly based on our user experience and the hypothesis for cloud > > computing: When we evolve host kernels, we constantly encounter issues when > > kernel IBT is on, so we have to disable kernel IBT by adding ibt=off. But > > we need to test the CET features in VM, if we just simply refer to host > > boot cpuid data, then IBT cannot be enabled in VM which makes CET features > > incomplete in guest. > > > > I guess in cloud computing, it could run into similar dilemma. In this > > case, the tenant cannot benefit the feature just because of host SW > > problem. I know currently KVM except LA57 always honors host feature > > configurations, but in CET case, there could be divergence wrt honoring > > host configuration as long as there's no quirk for the feature. > > > > But I think the issue is still open for discussion... > > I think the back and forth I remembered was actually around SGX IBT, but I did > find this thread: > https://lore.kernel.org/lkml/20231128085025.GA3818@noisy.programming.kicks-ass.net/ > > Disabling kernel IBT enforcement without disabling KVM IBT seems worthwhile. But > the solution is to not to not honor host support. It is to have kernel IBT not > clear the feature flag and instead clear something else. This can be done > independently of the KVM series. Hmm, I don't disagree, but I'm not sure it makes sense to wait on that discussion to exempt IBT from the "it must be supported in the host" rule. I suspect that tweaking the handling X86_FEATURE_IBT of will open a much larger can of worms, as overhauling feature flag handling is very much on the x86 maintainers todo list. IMO, the odds of there being a hardware bug that necessitates hard disabling IBT are lower than the odds of KVM support for CET landing well before the feature stuff is sorted out.
Powered by blists - more mailing lists