lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240914001623.fzpc2dunmpidi47a@desk>
Date: Fri, 13 Sep 2024 17:16:23 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Jim Mattson <jmattson@...gle.com>
Cc: Chao Gao <chao.gao@...el.com>, Jon Kohler <jon@...anix.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Borislav Petkov <bp@...en8.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, X86 ML <x86@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	LKML <linux-kernel@...r.kernel.org>,
	"kvm @ vger . kernel . org" <kvm@...r.kernel.org>
Subject: Re: [PATCH] x86/bhi: avoid hardware mitigation for
 'spectre_bhi=vmexit'

On Fri, Sep 13, 2024 at 04:04:56PM -0700, Jim Mattson wrote:
> > The IA32_SPEC_CTRL mask and shadow fields should be perfect for this.
> 
> In fact, this is the guidance given in
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html:
> 
> The VMM should use the “virtualize IA32_SPEC_CTRL” VM-execution
> control to cause BHI_DIS_S to be set (see the VMM Support for
> BHB-clearing Software Sequences section) whenever:
> o The VMM is running on a processor for which the short software
> sequence may not be effective:
>   - Specifically, it does not enumerate BHI_NO, but does enumerate
> BHI_DIS_S, and is not an Atom-only processor.
> 
> In other words, the VMM should set bit 10 in the IA32_SPEC_CTRL mask
> on SPR. As long as the *effective* guest IA32_SPEC_CTRL value matches
> the host value, there is no need to write the MSR on VM-{entry,exit}.

With host setting the effective BHI_DIS_S for guest using virtual
SPEC_CTRL, there will be no way for guest to opt-out of BHI mitigation.
Or if the guest is mitigating BHI with the software sequence, it will
still get the hardware mitigation also.

To overcome this, the guest and KVM need to implement
MSR_VIRTUAL_MITIGATION_CTRL to allow guest to opt-out of hardware
mitigation.

> There is no need to disable BHI_DIS_S on the host and use the TSX
> abort sequence in its place.

Exactly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ