[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <53c918b4-2e03-4f68-b3f3-d18f62d5805c@intel.com>
Date: Mon, 4 Nov 2024 08:26:44 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: "Shah, Amit" <Amit.Shah@....com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>
Cc: "corbet@....net" <corbet@....net>,
"boris.ostrovsky@...cle.com" <boris.ostrovsky@...cle.com>,
"kai.huang@...el.com" <kai.huang@...el.com>,
"pawan.kumar.gupta@...ux.intel.com" <pawan.kumar.gupta@...ux.intel.com>,
"jpoimboe@...nel.org" <jpoimboe@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"daniel.sneddon@...ux.intel.com" <daniel.sneddon@...ux.intel.com>,
"Lendacky, Thomas" <Thomas.Lendacky@....com>,
"seanjc@...gle.com" <seanjc@...gle.com>, "mingo@...hat.com"
<mingo@...hat.com>, "pbonzini@...hat.com" <pbonzini@...hat.com>,
"tglx@...utronix.de" <tglx@...utronix.de>, "Moger, Babu"
<Babu.Moger@....com>, "Das1, Sandipan" <Sandipan.Das@....com>,
"hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org"
<peterz@...radead.org>, "bp@...en8.de" <bp@...en8.de>,
"Kaplan, David" <David.Kaplan@....com>
Subject: Re: [PATCH 1/2] x86: cpu/bugs: add support for AMD ERAPS feature
On 11/4/24 08:13, Shah, Amit wrote:
> I want to justify that not setting X86_FEATURE_RSB_CTXSW is still doing
> the right thing, albeit in hardware.
Let's back up a bit.
In the kernel, we have security concerns if RSB contents remain across
context switches. If process A's RSB entries are left and then process
B uses them, there's a problem.
Today, we mitigate that issue with manual kernel RSB state zapping on
context switches (X86_FEATURE_RSB_CTXSW).
You're saying that this fancy new ERAPS feature includes a new mechanism
to zap RSB state. But that only triggers "each time a TLB flush happens".
So what you're saying above is that you are concerned about RSB contents
sticking around across context switches. But instead of using
X86_FEATURE_RSB_CTXSW, you believe that the new TLB-flush-triggered
ERAPS flush can be used instead.
Are we all on the same page so far?
I think you're wrong. We can't depend on ERAPS for this. Linux doesn't
flush the TLB on context switches when PCIDs are in play. Thus, ERAPS
won't flush the RSB and will leave bad state in there and will leave the
system vulnerable.
Or what am I missing?
Powered by blists - more mailing lists