Subject: Re: [FYI PATCH 0/7] Mitigation for CVE-2018-12207
To: Paolo Bonzini, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Ralf Ramsauer
From: Jan Kiszka
Message-ID: <23353382-53ea-8b20-7e30-763ef6df374c@siemens.com>
Date: Wed, 13 Nov 2019 07:38:14 +0100
In-Reply-To: <1573593697-25061-1-git-send-email-pbonzini@redhat.com>
References: <1573593697-25061-1-git-send-email-pbonzini@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12.11.19 22:21, Paolo Bonzini wrote:
> CVE-2018-12207 is a microarchitectural implementation issue
> that could allow an unprivileged local attacker to cause a system-wide
> denial-of-service condition.
>
> Privileged software may change the page size (ex. 4KB, 2MB, 1GB) in the
> paging structures without following such paging structure changes with
> invalidation of the TLB entries corresponding to the changed pages. In
> this case, the attacker could invoke an instruction fetch, which will result
> in the processor hitting multiple TLB entries, reporting a machine check
> error exception, and ultimately hanging the system.
>
> The attached patches mitigate the vulnerability by making huge pages
> non-executable. The processor will not be able to execute an instruction
> residing in a large page (i.e. 2MB, 1GB, etc.) without causing a trap into
> the host kernel/hypervisor; KVM will then break the large page into 4KB
> pages and give executable permission to the 4KB pages.

When reading about the MCE, error code 0150h, i.e. SRAR, I was wondering if
that couldn't simply be handled by the host. But I suppose the symptom of
that erratum is not "just" a regular recoverable MCE, but rather
sometimes/always an unrecoverable CPU state, despite the error code, right?

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
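The split-on-execute scheme Paolo describes above, as an added toy model in C that is not KVM code: the region layout, permission bits, counters and function names are constructed for illustration, and only the rule "a 2 MiB mapping is never executable; an instruction fetch splits it into 4 KiB mappings and grants execute to the fetched page only" is taken from the cover letter.

```c
/* Toy model of the NX-huge-pages mitigation for CVE-2018-12207 (iTLB multihit).
 * Constructed for illustration; not the KVM implementation. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define HUGE_SHIFT 21                                     /* 2 MiB region */
#define PAGE_SHIFT 12                                     /* 4 KiB page  */
#define PAGES_PER_HUGE (1u << (HUGE_SHIFT - PAGE_SHIFT))  /* 512 */

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

struct huge_region {
    bool split;                        /* false: one 2 MiB entry; true: 512 small entries */
    uint8_t huge_perm;                 /* permission of the 2 MiB entry, never PERM_X */
    uint8_t small_perm[PAGES_PER_HUGE];
    unsigned splits;                   /* how often an exec fault forced a split */
};

void region_init(struct huge_region *r)
{
    memset(r, 0, sizeof *r);
    r->huge_perm = PERM_R | PERM_W;    /* mitigation: huge mapping is installed without X */
}

static uint8_t *entry_for(struct huge_region *r, uint64_t off)
{
    return r->split ? &r->small_perm[off >> PAGE_SHIFT] : &r->huge_perm;
}

/* Simulate one guest access at byte offset 'off' inside the region.
 * Returns true when the access traps to the hypervisor side (a fault
 * that must be resolved), false when it is served directly. */
bool guest_access(struct huge_region *r, uint64_t off, uint8_t want)
{
    if ((*entry_for(r, off) & want) == want)
        return false;                  /* permissions already allow it: no exit */
    if (!(want & PERM_X))
        return true;                   /* non-exec faults are outside this model */
    if (!r->split) {
        /* Replace the 2 MiB mapping with 4 KiB mappings, all still non-executable. */
        for (size_t i = 0; i < PAGES_PER_HUGE; i++)
            r->small_perm[i] = r->huge_perm;
        r->split = true;
        r->splits++;
    }
    r->small_perm[off >> PAGE_SHIFT] |= PERM_X;   /* only the fetched 4 KiB page gets X */
    return true;
}
```

Data reads and writes to the huge page never trap; the first instruction fetch pays one split, later fetches from other 4 KiB pages in the same former huge page only flip their own execute bit.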