Re: [PATCH final?] x86/bugs: KVM: Add support for SRSO_MSR_FIX

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Patrick Bellasi <derkling@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Patrick Bellasi <derkling@google.com>,
	Sean Christopherson <seanjc@google.com>,
	 Yosry Ahmed <yosry.ahmed@linux.dev>,
	Paolo Bonzini <pbonzini@redhat.com>,
	 Josh Poimboeuf <jpoimboe@redhat.com>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	x86@kernel.org,  kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	 Patrick Bellasi <derkling@matbug.net>,
	Brendan Jackman <jackmanb@google.com>,
	 David Kaplan <David.Kaplan@amd.com>
Subject: Re: [PATCH final?] x86/bugs: KVM: Add support for SRSO_MSR_FIX
Date: Mon,  3 Mar 2025 15:05:56 +0000	[thread overview]
Message-ID: <20250303150557.171528-1-derkling@google.com> (raw)
In-Reply-To: 20250303141046.GHZ8W4ZrPEdWA7Hb-b@fat_crate.local

> On Wed, Feb 26, 2025 at 06:45:40PM +0000, Patrick Bellasi wrote:
> > +
> > +	case SRSO_CMD_BP_SPEC_REDUCE:
> > +		if (boot_cpu_has(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) {
> > +bp_spec_reduce:
> > +			pr_notice("Reducing speculation to address VM/HV SRSO attack vector.\n");
>
> Probably not needed anymore as that will be in srso_strings which is issued
> later.

Good point, the above can certainly be dropped.

> > +			srso_mitigation = SRSO_MITIGATION_BP_SPEC_REDUCE;
> > +			break;
> > +		} else {
> > +			srso_mitigation = SRSO_MITIGATION_BP_SPEC_REDUCE_NA;
> > +			pr_warn("BP_SPEC_REDUCE not supported!\n");
> > +		}
> 
> This is the part I'm worried about: user hears somewhere "bp-spec-reduce" is
> faster, sets it but doesn't know whether the hw even supports it. Machine
> boots, warns which is a single line and waaay buried in dmesg and continues
> unmitigated.

That's why we are also going to detect this cases and set
SRSO_MITIGATION_BP_SPEC_REDUCE_NA, so that we get a:

  "Vulnerable: Reduced Speculation, not available"

from vulnerabilities/spec_rstack_overflow, which should be the only place users
look for to assess the effective mitigation posture, ins't it?

> So *maybe* we can make this a lot more subtle and say:
> 
> srso=__dont_fall_back_to_ibpb_on_vmexit_if_bp_spec_reduce__
> 
> (joking about the name but that should be the gist of what it means)

I can think about it, but this seems something different than the common
practice, i.e. specify at cmdline what you want and be prepares on possibly
not to get it.

> and then act accordingly when that is specified along with a big fat:
> 
> WARN_ON(..."You should not use this as a mitigation option if you don't know
> what you're doing")
> 
> along with a big fat splat in dmesg.
> 
> Hmmm...?

After all the above already happens, e.g. if we ask for ibpb-vmexit but the
machine has not the ucode. In this case we still have to check the
vulnerabilities report to know that we are:

  "Vulnerable: No microcode"

--
#include <best/regards.h>

Patrick Bellasi (derkling@)

next             reply	other threads:[~2025-03-03 15:06 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-03 15:05 Patrick Bellasi [this message]
2025-03-11 12:03 ` [PATCH final?] x86/bugs: KVM: Add support for SRSO_MSR_FIX Borislav Petkov
2025-03-11 13:36   ` Brendan Jackman
2025-03-12 19:17     ` Borislav Petkov
  -- strict thread matches above, loose matches on Subject: below --
2025-02-26 18:45 Patrick Bellasi
2025-02-26 19:51 ` Yosry Ahmed
2025-03-03 13:59   ` Borislav Petkov
2025-03-03 14:10 ` Borislav Petkov
2025-02-13 14:28 Re: Re: [PATCH] " Borislav Petkov
2025-02-13 17:50 ` Patrick Bellasi
2025-02-14 20:10   ` Borislav Petkov
2025-02-15 12:53     ` Borislav Petkov
2025-02-17  5:59       ` Yosry Ahmed
2025-02-17 16:07         ` Borislav Petkov
2025-02-17 19:56           ` Yosry Ahmed
2025-02-17 20:20             ` Borislav Petkov
2025-02-17 20:32               ` Yosry Ahmed
2025-02-18 11:13                 ` [PATCH final?] " Borislav Petkov
2025-02-18 14:42                   ` Patrick Bellasi
2025-02-18 15:34                     ` Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250303150557.171528-1-derkling@google.com \
    --to=derkling@google.com \
    --cc=David.Kaplan@amd.com \
    --cc=bp@alien8.de \
    --cc=derkling@matbug.net \
    --cc=jackmanb@google.com \
    --cc=jpoimboe@redhat.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pawan.kumar.gupta@linux.intel.com \
    --cc=pbonzini@redhat.com \
    --cc=seanjc@google.com \
    --cc=x86@kernel.org \
    --cc=yosry.ahmed@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox