Message-ID: <CALMp9eRvf54jCrmWXH_WDZwB7KJcM3DLtPubvDibAUKj7-=yyg@mail.gmail.com>
Date: Tue, 30 Sep 2025 09:02:46 -0700
From: Jim Mattson <jmattson@...gle.com>
To: Yosry Ahmed <yosry.ahmed@...ux.dev>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, 
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Tom Lendacky <thomas.lendacky@....com>, 
	Manali Shukla <manali.shukla@....com>, Sohil Mehta <sohil.mehta@...el.com>, 
	"Xin Li (Intel)" <xin@...or.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: Advertise EferLmsleUnsupported to userspace

On Tue, Sep 30, 2025 at 8:31 AM Yosry Ahmed <yosry.ahmed@...ux.dev> wrote:
>
> On Thu, Sep 25, 2025 at 01:29:18PM -0700, Jim Mattson wrote:
> > CPUID.80000008H:EBX.EferLmsleUnsupported[bit 20] is a defeature
> > bit. When this bit is clear, EFER.LMSLE is supported. When this bit is
> > set, EFER.LMSLE is unsupported. KVM has never supported EFER.LMSLE, so
> > it cannot support a 0-setting of this bit.
> >
> > Set the bit in KVM_GET_SUPPORTED_CPUID to advertise the unavailability
> > of EFER.LMSLE to userspace.
>
> It seems like KVM allows setting EFER.LMSLE when nested SVM is enabled:
> https://elixir.bootlin.com/linux/v6.17/source/arch/x86/kvm/svm/svm.c#L5354
>
> It goes back to commit eec4b140c924 ("KVM: SVM: Allow EFER.LMSLE to be
> set with nested svm"), the commit log says it was needed for the SLES11
> version of Xen 4.0 to boot with nested SVM. Maybe that's no longer the
> case.
>
> Should KVM advertise EferLmsleUnsupported if it allows setting
> EFER.LMSLE in some cases?

I don't think KVM should allow setting the bit if it's not going to
actually implement long mode segment limits. That seems like a
security issue. The L1 hypervisor thinks that the L2 guest will not be
able to access memory above the segment limit, but if there are no
segment limit checks, then L2 will be able to access that memory.

It should be possible for KVM to implement long mode segment limits on
hardware that supports the feature, but offering the feature on
hardware that doesn't support it is infeasible.

Do we really want to implement long mode segment limits in KVM, given
that modern CPUs don't support the feature?

> >
> > Signed-off-by: Jim Mattson <jmattson@...gle.com>
> > ---
> >  arch/x86/include/asm/cpufeatures.h | 1 +
> >  arch/x86/kvm/cpuid.c               | 1 +
> >  2 files changed, 2 insertions(+)
> >
> > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> > index 751ca35386b0..f9b593721917 100644
> > --- a/arch/x86/include/asm/cpufeatures.h
> > +++ b/arch/x86/include/asm/cpufeatures.h
> > @@ -338,6 +338,7 @@
> >  #define X86_FEATURE_AMD_STIBP                (13*32+15) /* Single Thread Indirect Branch Predictors */
> >  #define X86_FEATURE_AMD_STIBP_ALWAYS_ON      (13*32+17) /* Single Thread Indirect Branch Predictors always-on preferred */
> >  #define X86_FEATURE_AMD_IBRS_SAME_MODE       (13*32+19) /* Indirect Branch Restricted Speculation same mode protection*/
> > +#define X86_FEATURE_EFER_LMSLE_MBZ   (13*32+20) /* EFER.LMSLE must be zero */
> >  #define X86_FEATURE_AMD_PPIN         (13*32+23) /* "amd_ppin" Protected Processor Inventory Number */
> >  #define X86_FEATURE_AMD_SSBD         (13*32+24) /* Speculative Store Bypass Disable */
> >  #define X86_FEATURE_VIRT_SSBD                (13*32+25) /* "virt_ssbd" Virtualized Speculative Store Bypass Disable */
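Review bot: the new define names the bit EFER_LMSLE_MBZ ("EFER.LMSLE must be zero") while the commit message and the CPUID documentation it cites call it EferLmsleUnsupported (CPUID.80000008H:EBX bit 20); please record the documented name in the comment, e.g. `/* "" EferLmsleUnsupported: EFER.LMSLE must be zero */` or similar, so that a reader grepping for the architectural name finds the word-13 bit-20 definition, and state in the commit message why the kernel-side name deviates from the documented one.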
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index e2836a255b16..e0426e057774 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -1096,6 +1096,7 @@ void kvm_set_cpu_caps(void)
> >               F(AMD_STIBP),
> >               F(AMD_STIBP_ALWAYS_ON),
> >               F(AMD_IBRS_SAME_MODE),
> > +             EMULATED_F(EFER_LMSLE_MBZ),
> >               F(AMD_PSFD),
> >               F(AMD_IBPB_RET),
> >       );
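Review bot: advertising EFER_LMSLE_MBZ unconditionally here is inconsistent with the nested-SVM path raised earlier in the thread, where KVM still accepts a guest write that sets EFER.LMSLE even though it never implements long mode segment limits; a guest that reads this bit as set and then observes EFER.LMSLE sticking gets contradictory semantics. The two sides should be changed together: either drop the nested-SVM allowance so the EFER write check rejects LMSLE (matching the "must be zero" claim), or gate this EMULATED_F() on the same condition that governs that allowance. Whichever is chosen, the commit message should say so, since as written it does not mention that KVM currently permits the bit at all.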
> > --
> > 2.51.0.570.gb178f27e6d-goog
> >
