From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 15 Oct 2019 09:45:23 -0000 Received: from us-smtp-1.mimecast.com ([207.211.31.81] helo=us-smtp-delivery-1.mimecast.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iKJOL-00058v-6x for speck@linutronix.de; Tue, 15 Oct 2019 11:45:22 +0200 Received: by mail-wm1-f70.google.com with SMTP id l3so8379563wmf.8 for ; Tue, 15 Oct 2019 02:45:15 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:d001:591b:c73b:6c41? ([2001:b07:6468:f312:d001:591b:c73b:6c41]) by smtp.gmail.com with ESMTPSA id 5sm23744842wrk.86.2019.10.15.02.45.13 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 15 Oct 2019 02:45:13 -0700 (PDT) From: Paolo Bonzini Subject: [MODERATED] NX, nested virtualization and arch caps Message-ID: Date: Tue, 15 Oct 2019 11:45:14 +0200 MIME-Version: 1.0 Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable To: speck@linutronix.de List-ID: Right now, the NX patches are not advertising the ARCH_CAP_PSCHANGE_MC_NO bit to its guests (especially nested hypervisors). This is despite KVM's shadow paging will ensure that the nested hypervisor's EPT pages are 4K in size. This is because nx_huge_pages is writable. Therefore, the value of the parameter could change from Y to N while a guest runs, and then the nested hypervisor would become vulnerable to the nested guest's bad behavior. On the other hand, if the ITLB_MULTIHIT mitigation is disabled, then any guest is anyway vulnerable to other guests' shenanigans. Therefore the nested hypervisor can just ignore ITLB_MULTIHIT altogether, even if it would then be vulnerable to L2's bad behavior. And this means we can unconditionally advertise to nested hypervisors that the processor is not vulnerable. Are there any issues with this reasoning? Thanks, Paolo