From: Nadav Amit <nadav.amit@gmail.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>,
"Gupta, Pawan Kumar" <pawan.kumar.gupta@intel.com>
Subject: Re: [FYI PATCH 0/7] Mitigation for CVE-2018-12207
Date: Wed, 13 Nov 2019 17:17:39 -0800 [thread overview]
Message-ID: <6C0513A5-6C73-4F17-B73B-6F19E7D9EAF0@gmail.com> (raw)
In-Reply-To: <dffb19ab-daa2-a513-531e-c43279d8a4bf@intel.com>
> On Nov 13, 2019, at 1:24 PM, Dave Hansen <dave.hansen@intel.com> wrote:
>
> On 11/13/19 12:23 AM, Paolo Bonzini wrote:
>> On 13/11/19 07:38, Jan Kiszka wrote:
>>> When reading MCE, error code 0150h, ie. SRAR, I was wondering if that
>>> couldn't simply be handled by the host. But I suppose the symptom of
>>> that erratum is not "just" regular recoverable MCE, rather
>>> sometimes/always an unrecoverable CPU state, despite the error code, right?
>> The erratum documentation talks explicitly about hanging the system, but
>> it's not clear if it's just a result of the OS mishandling the MCE, or
>> something worse. So I don't know. :( Pawan, do you?
>
> It's "something worse".
>
> I built a kernel module reproducer for this a long time ago. The
> symptom I observed was the whole system hanging hard, requiring me to go
> hit the power button. The MCE software machinery was not involved at
> all from what I could tell.
>
> About creating a unit test, I'd be personally happy to share my
> reproducer, but I built it before this issue was root-caused. There are
> actually quite a few underlying variants and a good unit test would make
> sure to exercise all of them. My reproducer probably only exercised a
> single case.
So please correct me if I am wrong. My understanding is that the reason that
only KVM needs to be fixed is that there is a strong assumption that the
kernel does not hold both 4k and 2M mappings at the same time. There is indeed
documentation that this is the intention in __split_huge_pmd_locked(), for
instance, due to other AMD issues with such setup.
But is it always the case? Looking at __split_large_page(), it seems that the
TLB invalidation is only done after the PMD is changed. Can't this leave a
small time window in which a malicious actor triggers a machine-check on
another core than the one that runs __split_large_page()?
next prev parent reply other threads:[~2019-11-14 1:17 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 21:21 [FYI PATCH 0/7] Mitigation for CVE-2018-12207 Paolo Bonzini
2019-11-12 21:21 ` [PATCH 1/7] x86/bugs: Add ITLB_MULTIHIT bug infrastructure Paolo Bonzini
2019-11-12 21:21 ` [PATCH 2/7] x86/cpu: Add Tremont to the cpu vulnerability whitelist Paolo Bonzini
2019-11-12 21:21 ` [PATCH 3/7] cpu/speculation: Uninline and export CPU mitigations helpers Paolo Bonzini
2019-11-12 21:21 ` [PATCH 4/7] kvm: mmu: ITLB_MULTIHIT mitigation Paolo Bonzini
2019-11-12 21:21 ` [PATCH 5/7] kvm: Add helper function for creating VM worker threads Paolo Bonzini
2019-11-12 21:21 ` [PATCH 6/7] kvm: x86: mmu: Recovery of shattered NX large pages Paolo Bonzini
2019-11-12 21:21 ` [PATCH 7/7] Documentation: Add ITLB_MULTIHIT documentation Paolo Bonzini
2019-11-13 6:38 ` [FYI PATCH 0/7] Mitigation for CVE-2018-12207 Jan Kiszka
2019-11-13 8:23 ` Paolo Bonzini
2019-11-13 21:24 ` Dave Hansen
2019-11-14 1:17 ` Nadav Amit [this message]
2019-11-14 5:26 ` Dave Hansen
2019-11-14 6:02 ` Nadav Amit
2019-11-15 2:11 ` Pawan Gupta
2019-11-14 8:09 ` Jan Kiszka
2019-11-18 13:58 ` Ralf Ramsauer
2020-01-21 18:08 ` Jan Kiszka
2020-01-21 18:25 ` Dave Hansen
2019-11-13 23:25 ` Pawan Gupta
2019-11-14 8:13 ` Jan Kiszka
2019-11-15 2:23 ` Pawan Gupta
2019-11-13 13:00 ` Jinpu Wang
2019-11-13 14:44 ` Paolo Bonzini
2019-11-13 18:10 ` Nadav Amit
2019-11-13 18:33 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6C0513A5-6C73-4F17-B73B-6F19E7D9EAF0@gmail.com \
--to=nadav.amit@gmail.com \
--cc=dave.hansen@intel.com \
--cc=jan.kiszka@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pawan.kumar.gupta@intel.com \
--cc=pbonzini@redhat.com \
--cc=ralf.ramsauer@oth-regensburg.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).