lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALMp9eTHsPeYi7wLaWtp-NuxE8Hz_LZUFYKUfzcx1+j+4-ZjmQ@mail.gmail.com>
Date: Wed, 9 Apr 2025 11:07:08 -0700
From: Jim Mattson <jmattson@...gle.com>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, amit@...nel.org, 
	kvm@...r.kernel.org, amit.shah@....com, thomas.lendacky@....com, bp@...en8.de, 
	tglx@...utronix.de, peterz@...radead.org, pawan.kumar.gupta@...ux.intel.com, 
	corbet@....net, mingo@...hat.com, dave.hansen@...ux.intel.com, hpa@...or.com, 
	seanjc@...gle.com, pbonzini@...hat.com, daniel.sneddon@...ux.intel.com, 
	kai.huang@...el.com, sandipan.das@....com, boris.ostrovsky@...cle.com, 
	Babu.Moger@....com, david.kaplan@....com, dwmw@...zon.co.uk, 
	andrew.cooper3@...rix.com
Subject: Re: [PATCH v3 2/6] x86/bugs: Use SBPB in __write_ibpb() if applicable

On Wed, Apr 2, 2025 at 7:18 PM Josh Poimboeuf <jpoimboe@...nel.org> wrote:
>
> On Wed, Apr 02, 2025 at 02:04:04PM -0700, Jim Mattson wrote:
> > On Wed, Apr 2, 2025 at 11:20 AM Josh Poimboeuf <jpoimboe@...nel.org> wrote:
> > >
> > > __write_ibpb() does IBPB, which (among other things) flushes branch type
> > > predictions on AMD.  If the CPU has SRSO_NO, or if the SRSO mitigation
> > > has been disabled, branch type flushing isn't needed, in which case the
> > > lighter-weight SBPB can be used.
> >
> > When nested SVM is not supported, should KVM "promote"
> > SRSO_USER_KERNEL_NO on the host to SRSO_NO in KVM_GET_SUPPORTED_CPUID?
> > Or is a Linux guest clever enough to do the promotion itself if
> > CPUID.80000001H:ECX.SVM[bit 2] is clear?
>
> I'm afraid that question is beyond my pay grade, maybe some AMD or virt
> folks can chime in.

That question aside, I'm not sure that this series is safe with
respect to nested virtualization.

If the CPU has SRSO_NO, then KVM will report SRSO_NO in
KVM_GET_SUPPORTED_CPUID. However, in nested virtualization, the L1
guest and the L2 guest share a prediction domain. KVM currently
ensures isolation between L1 and L2 with a call to
indirect_branch_prediction_barrier() in svm_vcpu_load(). I think that
particular barrier should *always* be a full IBPB--even if the host
has SRSO_NO.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ