* L!TF Bulletin #4: The state of the horrors
From: Thomas Gleixner @ 2018-07-13 15:08 UTC
To: speck

Hi!

The repository has been updated with the following changes since bulletin #3:

 - Online sibling threads when SMT control is switched from off to on

 - Expose the VMX mitigation state properly in the l1tf vulnerability file

 - Fix EPT off handling

 - Make the kvm L1D flush parameter runtime controllable

 - Add the 'l1tf' kernel command line option

 - Add documentation about the whole mess

The master branch is still based on 4.18-rc1 and merges almost cleanly into
4.18-rc4+ with a very trivial conflict. It's not going to be rebased
because the commit SHA1s are used in the stable branches and are also
already used in distro backports.

The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
rebased to the latest stable versions. David Woodhouse said he's looking
into updating the linux-4.9.y stable branch in the next days.

Git bundle against v4.18-rc1 is attached.

Thanks everyone involved for patches, testing, review and entertaining
discussions!

Thanks,

	tglx

* [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
From: Konrad Rzeszutek Wilk @ 2018-07-13 15:56 UTC
To: speck

On Fri, Jul 13, 2018 at 05:08:35PM +0200, speck for Thomas Gleixner wrote:
> Hi!
>
> The repository has been updated with the following changes since bulletin #3:
>
>  - Online sibling threads when SMT control is switched from off to on
>
>  - Expose the VMX mitigation state properly in the l1tf vulnerability file
>
>  - Fix EPT off handling
>
>  - Make the kvm L1D flush parameter runtime controllable
>
>  - Add the 'l1tf' kernel command line option
>
>  - Add documentation about the whole mess
>
> The master branch is still based on 4.18-rc1 and merges almost cleanly into
> 4.18-rc4+ with a very trivial conflict. It's not going to be rebased
> because the commit SHA1s are used in the stable branches and are also
> already used in distro backports.
>
> The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
> rebased to the latest stable versions. David Woodhouse said he's looking
> into updating the linux-4.9.y stable branch in the next days.
>
> Git bundle against v4.18-rc1 is attached.
>
> Thanks everyone involved for patches, testing, review and entertaining
> discussions!

You may also want to backport

git cherry-pick 84676c1f21e8
git cherry-pick adbe552349f2d

As in the stable trees. The reason being that with 'nosmt' the megasas controller
goes bonky and stops working.

>
> Thanks,
>
> 	tglx

* Re: L!TF Bulletin #4: The state of the horrors
From: Thomas Gleixner @ 2018-07-14 12:57 UTC
To: speck

On Fri, 13 Jul 2018, speck for Konrad Rzeszutek Wilk wrote:
> On Fri, Jul 13, 2018 at 05:08:35PM +0200, speck for Thomas Gleixner wrote:
> > Hi!
> >
> > The repository has been updated with the following changes since bulletin #3:
> >
> >  - Online sibling threads when SMT control is switched from off to on
> >
> >  - Expose the VMX mitigation state properly in the l1tf vulnerability file
> >
> >  - Fix EPT off handling
> >
> >  - Make the kvm L1D flush parameter runtime controllable
> >
> >  - Add the 'l1tf' kernel command line option
> >
> >  - Add documentation about the whole mess
> >
> > The master branch is still based on 4.18-rc1 and merges almost cleanly into
> > 4.18-rc4+ with a very trivial conflict. It's not going to be rebased
> > because the commit SHA1s are used in the stable branches and are also
> > already used in distro backports.
> >
> > The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
> > rebased to the latest stable versions. David Woodhouse said he's looking
> > into updating the linux-4.9.y stable branch in the next days.
> >
> > Git bundle against v4.18-rc1 is attached.
> >
> > Thanks everyone involved for patches, testing, review and entertaining
> > discussions!
>
> You may also want to backport
>
> git cherry-pick 84676c1f21e8
> git cherry-pick adbe552349f2d
>
> As in the stable trees. The reason being that with 'nosmt' the megasas controller
> goes bonky and stops working.

I'd prefer to route them directly to stable as the stuff is already broken
with maxcpus=N. Greg?

Thanks,

	tglx

* [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
From: Greg KH @ 2018-07-14 19:08 UTC
To: speck

On Sat, Jul 14, 2018 at 02:57:00PM +0200, speck for Thomas Gleixner wrote:
> On Fri, 13 Jul 2018, speck for Konrad Rzeszutek Wilk wrote:
> > On Fri, Jul 13, 2018 at 05:08:35PM +0200, speck for Thomas Gleixner wrote:
> > > Hi!
> > >
> > > The repository has been updated with the following changes since bulletin #3:
> > >
> > >  - Online sibling threads when SMT control is switched from off to on
> > >
> > >  - Expose the VMX mitigation state properly in the l1tf vulnerability file
> > >
> > >  - Fix EPT off handling
> > >
> > >  - Make the kvm L1D flush parameter runtime controllable
> > >
> > >  - Add the 'l1tf' kernel command line option
> > >
> > >  - Add documentation about the whole mess
> > >
> > > The master branch is still based on 4.18-rc1 and merges almost cleanly into
> > > 4.18-rc4+ with a very trivial conflict. It's not going to be rebased
> > > because the commit SHA1s are used in the stable branches and are also
> > > already used in distro backports.
> > >
> > > The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
> > > rebased to the latest stable versions. David Woodhouse said he's looking
> > > into updating the linux-4.9.y stable branch in the next days.
> > >
> > > Git bundle against v4.18-rc1 is attached.
> > >
> > > Thanks everyone involved for patches, testing, review and entertaining
> > > discussions!
> >
> > You may also want to backport
> >
> > git cherry-pick 84676c1f21e8
> > git cherry-pick adbe552349f2d
> >
> > As in the stable trees. The reason being that with 'nosmt' the megasas controller
> > goes bonky and stops working.
>
> I'd prefer to route them directly to stable as the stuff is already broken
> with maxcpus=N. Greg?

Good idea, I'll queue these up directly, thanks.

greg k-h

* [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
From: Greg KH @ 2018-07-15 7:32 UTC
To: speck

On Sat, Jul 14, 2018 at 09:08:58PM +0200, speck for Greg KH wrote:
> On Sat, Jul 14, 2018 at 02:57:00PM +0200, speck for Thomas Gleixner wrote:
> > On Fri, 13 Jul 2018, speck for Konrad Rzeszutek Wilk wrote:
> > > On Fri, Jul 13, 2018 at 05:08:35PM +0200, speck for Thomas Gleixner wrote:
> > > > Hi!
> > > >
> > > > The repository has been updated with the following changes since bulletin #3:
> > > >
> > > >  - Online sibling threads when SMT control is switched from off to on
> > > >
> > > >  - Expose the VMX mitigation state properly in the l1tf vulnerability file
> > > >
> > > >  - Fix EPT off handling
> > > >
> > > >  - Make the kvm L1D flush parameter runtime controllable
> > > >
> > > >  - Add the 'l1tf' kernel command line option
> > > >
> > > >  - Add documentation about the whole mess
> > > >
> > > > The master branch is still based on 4.18-rc1 and merges almost cleanly into
> > > > 4.18-rc4+ with a very trivial conflict. It's not going to be rebased
> > > > because the commit SHA1s are used in the stable branches and are also
> > > > already used in distro backports.
> > > >
> > > > The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
> > > > rebased to the latest stable versions. David Woodhouse said he's looking
> > > > into updating the linux-4.9.y stable branch in the next days.
> > > >
> > > > Git bundle against v4.18-rc1 is attached.
> > > >
> > > > Thanks everyone involved for patches, testing, review and entertaining
> > > > discussions!
> > >
> > > You may also want to backport
> > >
> > > git cherry-pick 84676c1f21e8
> > > git cherry-pick adbe552349f2d
> > >
> > > As in the stable trees. The reason being that with 'nosmt' the megasas controller
> > > goes bonky and stops working.
> >
> > I'd prefer to route them directly to stable as the stuff is already broken
> > with maxcpus=N. Greg?
>
> Good idea, I'll queue these up directly, thanks.

Ugh, that scsi driver patch is a pain, that's going to take more work...

Also, 4.9.y is going to take more work for this as well, I'll try to
remember this for when those patches show up too.

greg k-h

* [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
From: Andi Kleen @ 2018-07-18 19:36 UTC
To: speck

> Thanks everyone involved for patches, testing, review and entertaining
> discussions!

Just looking through the patches again. Thanks for implementing
the dynamic control.

+3.2. EPT not supported or disabled
+""""""""""""""""""""""""""""""""""
+
+ If EPT is not supported by the processor or disabled in the hypervisor,
+ the system is fully protected. SMT can stay enabled and L1D flushing on
+ VMENTER is not required.

AFAIK we're still missing a patch to ensure that the shadow page tables
are actually inverted if needed, or did I miss it?

The code just copies the original currently I think, which means
the shadow is as attackable as the original.

Rest looks good to me.

-Andi

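Review bot: In the new section 3.2, "the system is fully protected" gives the conclusion without the reason or a way to confirm it. Add a sentence saying why disabling EPT makes SMT-off and L1D flushing on VMENTER unnecessary, and point to the l1tf vulnerability file, which this series makes report the VMX mitigation state, so an administrator can check that the kernel actually sees EPT as disabled.
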
* Re: L!TF Bulletin #4: The state of the horrors
From: Thomas Gleixner @ 2018-07-18 19:45 UTC
To: speck

On Wed, 18 Jul 2018, speck for Andi Kleen wrote:

> > Thanks everyone involved for patches, testing, review and entertaining
> > discussions!
>
> Just looking through the patches again. Thanks for implementing
> the dynamic control.
>
> +3.2. EPT not supported or disabled
> +""""""""""""""""""""""""""""""""""
> +
> + If EPT is not supported by the processor or disabled in the hypervisor,
> + the system is fully protected. SMT can stay enabled and L1D flushing on
> + VMENTER is not required.
>
> AFAIK we're still missing a patch to ensure that the shadow page tables
> are actually inverted if needed, or did I miss it?
>
> The code just copies the original currently I think, which means
> the shadow is as attackable as the original.

Paolo told me it works today. Paolo!?!?!

Thanks,

	tglx

* [MODERATED] Re: ***UNCHECKED*** Re: L!TF Bulletin #4: The state of the horrors
From: Alexander Graf @ 2018-07-19 8:46 UTC
To: speck

On 18.07.18 21:45, speck for Thomas Gleixner wrote:
> On Wed, 18 Jul 2018, speck for Andi Kleen wrote:
>
>>> Thanks everyone involved for patches, testing, review and entertaining
>>> discussions!
>>
>> Just looking through the patches again. Thanks for implementing
>> the dynamic control.
>>
>> +3.2. EPT not supported or disabled
>> +""""""""""""""""""""""""""""""""""
>> +
>> + If EPT is not supported by the processor or disabled in the hypervisor,
>> + the system is fully protected. SMT can stay enabled and L1D flushing on
>> + VMENTER is not required.
>>
>> AFAIK we're still missing a patch to ensure that the shadow page tables
>> are actually inverted if needed, or did I miss it?
>>
>> The code just copies the original currently I think, which means
>> the shadow is as attackable as the original.
>
> Paolo told me it works today. Paolo!?!?!

I don't see anything in the shadow paging code that would potentially
leak guest PTEs with !P into host PTEs. Every translation needs to go
through gpa_to_gva which again checks the access bits and that check
includes the P check. So from what I can tell in the code, non-present
pages will simply be 0 which again is safe.

Andi, if you found a path in the SPT code that could leak !P pages,
could you please point us to it?

Thanks!

Alex

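The rule in the quoted section 3.2 (with EPT off, neither SMT-off nor L1D flushing on VMENTER is required), applied to the state the bulletin says the kernel now exposes, as a host check. This is an added example, not code from the thread or from the kernel tree. The sysfs paths, parameter names and values are assumed to match mainline Linux, `l1tf_guest_exposure` and `make_sample_tree` are hypothetical helpers, and counting SMT on with EPT enabled as exposed is this example's conservative reading.

```shell
#!/bin/sh
# Added example. Sysfs paths and values are assumed to match mainline Linux;
# the thread itself does not name them.
# l1tf_guest_exposure [SYSFS_ROOT]: returns 0 = covered, 1 = exposed, 2 = cannot tell.
l1tf_guest_exposure() {
    cpu=${1:-/sys}/devices/system/cpu
    kvm=${1:-/sys}/module/kvm_intel/parameters
    [ -r "$cpu/vulnerabilities/l1tf" ] || { echo "unknown: no l1tf file"; return 2; }
    state=$(cat "$cpu/vulnerabilities/l1tf")
    case $state in
        "Not affected"*) echo "covered: CPU not affected"; return 0 ;;
        Mitigation*)     ;;  # host side handled, VMX state checked below
        *)               echo "exposed: $state"; return 1 ;;
    esac
    # No kvm_intel module means no VMENTER on this host.
    [ -d "$kvm" ] || { echo "covered: kvm_intel not loaded"; return 0; }
    ept=$(cat "$kvm/ept" 2>/dev/null) || ept=
    flush=$(cat "$kvm/vmentry_l1d_flush" 2>/dev/null) || flush=
    smt=$(cat "$cpu/smt/control" 2>/dev/null) || smt=
    # Section 3.2 as quoted: with EPT off, neither the flush nor SMT off is needed.
    case $ept in
        N|0) echo "covered: EPT disabled"; return 0 ;;
        Y|1) ;;
        *)   echo "unknown: kvm_intel ept='$ept'"; return 2 ;;
    esac
    case $flush in
        cond|always) ;;
        never) echo "exposed: EPT on, no L1D flush on VMENTER"; return 1 ;;
        *)     echo "unknown: L1D flush mode '$flush'"; return 2 ;;
    esac
    case $smt in
        off|forceoff|notsupported) echo "covered: L1D flush=$flush, SMT off"; return 0 ;;
        on) echo "exposed: L1D flush=$flush but SMT is on"; return 1 ;;
        *)  echo "unknown: SMT control '$smt'"; return 2 ;;
    esac
}

# Constructed sysfs tree (sample data, not a real host): DIR L1TF EPT FLUSH SMT
make_sample_tree() {
    mkdir -p "$1/devices/system/cpu/vulnerabilities" "$1/devices/system/cpu/smt" \
             "$1/module/kvm_intel/parameters"
    echo "$2" > "$1/devices/system/cpu/vulnerabilities/l1tf"
    echo "$3" > "$1/module/kvm_intel/parameters/ept"
    echo "$4" > "$1/module/kvm_intel/parameters/vmentry_l1d_flush"
    echo "$5" > "$1/devices/system/cpu/smt/control"
}
d=$(mktemp -d)
make_sample_tree "$d" "Mitigation: PTE Inversion; VMX: EPT disabled" N never on
l1tf_guest_exposure "$d" || true; rm -rf "$d"
```

On a real host, call `l1tf_guest_exposure` with no argument to read `/sys`.
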
* [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
From: David Woodhouse @ 2018-07-23 16:10 UTC
To: speck

On Fri, 2018-07-13 at 17:08 +0200, speck for Thomas Gleixner wrote:
>
> The stable branches linux-4.14.y, linux-4.16.y and linux-4.17.y have been
> rebased to the latest stable versions. David Woodhouse said he's looking
> into updating the linux-4.9.y stable branch in the next days.

I've just pushed out a first version of the linux-4.9.y branch. It's
basically completely untested except that it builds and boots in
'qemu-system-x86_64 -kernel arch/x86/kernel/bzImage' and panics about
the lack of root filesystem without panicking about anything *else*
first.