From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH 1/2] L1TF KVM 1
Date: Fri, 8 Jun 2018 16:49:07 -0400 [thread overview]
Message-ID: <20180608204907.GC7385@char.us.oracle.com> (raw)
In-Reply-To: <20180608174904.yftmnngfkj6f3rrr@treble>
On Fri, Jun 08, 2018 at 12:49:04PM -0500, speck for Josh Poimboeuf wrote:
> On Tue, May 29, 2018 at 09:42:13PM +0200, speck for Paolo Bonzini wrote:
> > From: Paolo Bonzini <pbonzini@redhat.com>
> > Subject: [PATCH 1/2] kvm: x86: mitigation for L1 cache terminal fault vulnerabilities
> >
> > This patch adds two mitigation modes for CVE-2018-3620, aka L1 terminal
> > fault. The two modes are "vmexit_l1d_flush=1" and "vmexit_l1d_flush=2".
> >
> > "vmexit_l1d_flush=2" is simply doing an L1 cache flush on every vmexit.
> > "vmexit_l1d_flush=1" is trying to avoid so on vmexits that are "confined"
> > in the kind of code that they execute. The idea is based on Intel's
> > patches, but the final list of "confined" vmexits isn't quite.
> >
> > Notably, L1 cache flushes are performed on EPT violations (which are
> > basically KVM-level page faults), vmexits that involve the emulator,
> > and on every KVM_RUN invocation (so each userspace exit). However,
> > most vmexits are considered safe. I singled out the emulator because
> > it may be a good target for other speculative execution-based threats,
> > and the MMU because it can bring host page tables in the L1 cache.
> >
> > The mitigation does not in any way try to do anything about hyperthreading;
> > it is possible for a sibling thread to read data from the cache during a
> > vmexit, before the host completes the flush, or to read data from the cache
> > while a sibling runs. This part of the work is not ready yet.
> >
> > For now I'm leaving the default to "vmexit_l1d_flush=2", in case we need
> > to push out the patches in an emergency embargo break, but I don't think
> > it's the best setting. The cost is up to 2.5x more expensive vmexits
> > on Haswell processors, and 30% on Coffee Lake (for the latter, this is
> > independent of whether microcode or the generic flush code are used).
> >
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>
> I think we should report the L1 flushing mitigation value (i.e., 0, 1 or
> 2) in the 'l1tf' vulnerabilities sysfs file.
But this is KVM module, not the generic code (bugs.c).
Or did you have in mind some sub-registration code so that the KVM module
can register its state of mind with bugs.c reporting?
Like 'L1D flush on VMENTER','IPI on VMEXIT', etc?
next prev parent reply other threads:[~2018-06-08 20:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-29 19:42 [MODERATED] [PATCH 0/2] L1TF KVM 0 Paolo Bonzini
2018-05-29 19:42 ` [MODERATED] [PATCH 1/2] L1TF KVM 1 Paolo Bonzini
2018-05-29 19:42 ` [MODERATED] [PATCH 2/2] L1TF KVM 2 Paolo Bonzini
[not found] ` <20180529194240.7F1336110A@crypto-ml.lab.linutronix.de>
2018-05-29 22:49 ` [PATCH 1/2] L1TF KVM 1 Thomas Gleixner
2018-05-29 23:54 ` [MODERATED] " Andrew Cooper
2018-05-30 9:01 ` Paolo Bonzini
2018-05-30 11:58 ` Martin Pohlack
2018-05-30 12:25 ` Thomas Gleixner
2018-05-30 14:31 ` Thomas Gleixner
2018-06-04 8:24 ` [MODERATED] " Martin Pohlack
2018-06-04 13:11 ` [MODERATED] Is: Tim, Q to you. Was:Re: " Konrad Rzeszutek Wilk
2018-06-04 17:59 ` [MODERATED] Encrypted Message Tim Chen
2018-06-05 1:25 ` [MODERATED] Re: Is: Tim, Q to you. Was:Re: [PATCH 1/2] L1TF KVM 1 Jon Masters
2018-06-05 1:30 ` Linus Torvalds
2018-06-05 7:10 ` Martin Pohlack
2018-06-05 23:34 ` [MODERATED] Encrypted Message Tim Chen
2018-06-05 23:37 ` Tim Chen
2018-06-07 19:11 ` Tim Chen
2018-06-07 23:24 ` [MODERATED] Re: Is: Tim, Q to you. Was:Re: [PATCH 1/2] L1TF KVM 1 Andi Kleen
2018-06-08 16:29 ` Thomas Gleixner
2018-06-08 17:51 ` [MODERATED] " Josh Poimboeuf
2018-06-11 14:50 ` Paolo Bonzini
2018-05-30 8:55 ` [MODERATED] " Peter Zijlstra
2018-05-30 9:02 ` Paolo Bonzini
2018-05-31 19:00 ` Jon Masters
[not found] ` <20180529194322.8B56F610F8@crypto-ml.lab.linutronix.de>
2018-05-29 23:59 ` [MODERATED] Re: [PATCH 2/2] L1TF KVM 2 Andrew Cooper
2018-05-30 8:38 ` Thomas Gleixner
2018-05-30 16:57 ` [MODERATED] " Andrew Cooper
2018-05-30 19:11 ` Thomas Gleixner
2018-05-30 21:10 ` [MODERATED] " Andi Kleen
2018-05-30 23:19 ` Andrew Cooper
[not found] ` <20180529194239.768D561107@crypto-ml.lab.linutronix.de>
2018-06-01 16:48 ` [MODERATED] Re: [PATCH 1/2] L1TF KVM 1 Konrad Rzeszutek Wilk
2018-06-04 14:56 ` Paolo Bonzini
[not found] ` <20180529194236.EDB8561100@crypto-ml.lab.linutronix.de>
2018-06-06 0:34 ` Dave Hansen
2018-06-06 14:15 ` Dave Hansen
[not found] ` <20180529194240.5654A61109@crypto-ml.lab.linutronix.de>
2018-06-08 17:49 ` Josh Poimboeuf
2018-06-08 20:49 ` Konrad Rzeszutek Wilk [this message]
2018-06-08 22:13 ` Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180608204907.GC7385@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.