netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: Fenghua Yu <fenghua.yu@intel.com>
Cc: Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	H Peter Anvin <hpa@zytor.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ravi V Shankar <ravi.v.shankar@intel.com>,
	Xiaoyao Li <xiaoyao.li@intel.com>,
	Christopherson Sean J <sean.j.christopherson@intel.com>,
	Kalle Valo <kvalo@codeaurora.org>,
	Michael Chan <michael.chan@broadcom.com>,
	linux-kernel <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
	kvm@vger.kernel.org, netdev@vger.kernel.org,
	linux-wireless@vger.kernel.org,
	Xiaoyao Li <xiaoyao.li@linux.intel.com>
Subject: Re: [PATCH v8 12/15] kvm/vmx: Emulate MSR TEST_CTL
Date: Thu, 25 Apr 2019 09:42:04 +0200 (CEST)	[thread overview]
Message-ID: <alpine.DEB.2.21.1904250931020.1762@nanos.tec.linutronix.de> (raw)
In-Reply-To: <1556134382-58814-13-git-send-email-fenghua.yu@intel.com>

On Wed, 24 Apr 2019, Fenghua Yu wrote:
>  
> +static void atomic_switch_msr_test_ctl(struct vcpu_vmx *vmx)
> +{
> +	u64 host_msr_test_ctl;
> +
> +	if (!boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT))
> +		return;

Again: MSR_TST_CTL is not only about LOCK_DETECT. Check the control mask.

> +	host_msr_test_ctl = this_cpu_read(msr_test_ctl_cache);
> +
> +	if (host_msr_test_ctl == vmx->msr_test_ctl) {

This still assumes that the only bit which can be set in the MSR is that
lock detect bit.

> +		clear_atomic_switch_msr(vmx, MSR_TEST_CTL);
> +	} else {
> +		add_atomic_switch_msr(vmx, MSR_TEST_CTL, vmx->msr_test_ctl,
> +				      host_msr_test_ctl, false);

So what happens here is that if any other bit is set on the host, VMENTER
will happily clear it.

     guest = (host & ~vmx->test_ctl_mask) | vmx->test_ctl;

That preserves any bits which are not exposed to the guest.

But the way more interesting question is why are you exposing the MSR and
the bit to the guest at all if the host has split lock detection enabled?

That does not make any sense as you basically allow the guest to switch it
off and then launch a slowdown attack. If the host has it enabled, then a
guest has to be treated like any other process and the #AC trap has to be
caught by the hypervisor which then kills the guest.

Only if the host has split lock detection disabled, then you can expose it
and allow the guest to turn it on and handle it on its own.

Thanks,

	tglx



  reply	other threads:[~2019-04-25  7:42 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-24 19:32 [PATCH v8 00/15] x86/split_lock: Enable split lock detection Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 01/15] x86/common: Align cpu_caps_cleared and cpu_caps_set to unsigned long Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 02/15] drivers/net/b44: Align pwol_mask to unsigned long for better performance Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 03/15] wlcore: simplify/fix/optimize reg_ch_conf_pending operations Fenghua Yu
2019-04-25 17:12   ` Kalle Valo
2019-04-24 19:32 ` [PATCH v8 04/15] x86/split_lock: Align x86_capability to unsigned long to avoid split locked access Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 05/15] x86/msr-index: Define MSR_IA32_CORE_CAPABILITY and split lock detection bit Fenghua Yu
2019-04-25  5:45   ` Ingo Molnar
2019-04-25 19:01     ` Fenghua Yu
2019-04-25 19:47       ` Ingo Molnar
2019-04-25 19:51         ` Fenghua Yu
2019-04-25 20:08           ` Ingo Molnar
2019-04-25 20:22             ` Fenghua Yu
2019-04-26  6:00               ` Ingo Molnar
2019-05-06  0:12                 ` Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 06/15] x86/cpufeatures: Enumerate MSR_IA32_CORE_CAPABILITY Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 07/15] x86/split_lock: Enumerate split lock detection by MSR_IA32_CORE_CAPABILITY Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 08/15] x86/split_lock: Enumerate split lock detection on Icelake mobile processor Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 09/15] x86/split_lock: Define MSR TEST_CTL register Fenghua Yu
2019-04-25  6:21   ` Ingo Molnar
2019-04-25 19:48     ` Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 10/15] x86/split_lock: Handle #AC exception for split lock Fenghua Yu
2019-04-25  6:07   ` Ingo Molnar
2019-04-25  7:29   ` Thomas Gleixner
2019-04-24 19:32 ` [PATCH v8 11/15] kvm/x86: Emulate MSR IA32_CORE_CAPABILITY Fenghua Yu
2019-04-24 19:32 ` [PATCH v8 12/15] kvm/vmx: Emulate MSR TEST_CTL Fenghua Yu
2019-04-25  7:42   ` Thomas Gleixner [this message]
2019-04-27 12:20     ` Xiaoyao Li
2019-04-28  7:09       ` Thomas Gleixner
2019-04-28  7:34         ` Xiaoyao Li
2019-04-29  7:31           ` Thomas Gleixner
2019-04-29  5:21         ` Xiaoyao Li
2019-04-24 19:33 ` [PATCH v8 13/15] x86/split_lock: Enable split lock detection by default Fenghua Yu
2019-04-25  7:50   ` Thomas Gleixner
2019-05-06 21:39     ` Fenghua Yu
2019-04-25 10:52   ` David Laight
2019-04-25 10:58     ` Thomas Gleixner
2019-04-25 11:13       ` David Laight
2019-04-25 11:41         ` Peter Zijlstra
2019-04-25 13:04         ` Thomas Gleixner
2019-05-07 20:48       ` Fenghua Yu
2019-04-24 19:33 ` [PATCH v8 14/15] x86/split_lock: Disable split lock detection by kernel parameter "nosplit_lock_detect" Fenghua Yu
2019-04-24 19:33 ` [PATCH v8 15/15] x86/split_lock: Add a sysfs interface to enable/disable split lock detection during run time Fenghua Yu
2019-04-25  6:31   ` Ingo Molnar
2019-05-06  0:21     ` Fenghua Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.21.1904250931020.1762@nanos.tec.linutronix.de \
    --to=tglx@linutronix.de \
    --cc=ashok.raj@intel.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@intel.com \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=kvalo@codeaurora.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=michael.chan@broadcom.com \
    --cc=mingo@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=sean.j.christopherson@intel.com \
    --cc=x86@kernel.org \
    --cc=xiaoyao.li@intel.com \
    --cc=xiaoyao.li@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).