Project

General

Profile

Bug #13002

bhyve should expose lfence-serialize state

Added by Patrick Mooney 8 days ago. Updated 8 days ago.

Status:
New
Priority:
Normal
Category:
bhyve
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

On recent AMD CPUs, the ability for lfence instructions to be serializing is controlled by bit 1 in MSR_AMD_DE_CFG. This has security ramifications for things like retpolines, so it would be valuable for bhyve to expose the status of this bit if it is found to be present (and active) on the host CPU. This way, guests can make informed decisions about how they use lfence.


Related issues

Related to illumos gate - Bug #12998: OpenBSD needs DE_CFG MSR on AMD bhyveClosed

Actions

History

#1

Updated by Patrick Mooney 8 days ago

  • Related to Bug #12998: OpenBSD needs DE_CFG MSR on AMD bhyve added
#2

Updated by Patrick Mooney 8 days ago

It should be noted that KVM does this today. It sets the bit visible to the guest based on how it is set in the host. The guest will receive a #GP if it tries to modify that bit (since the host will not be toggling the state after boot-up), or any others for that matter.

Also available in: Atom PDF