[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 2 Mar 2023 19:32:41 -0800
From: Roxana Bradescu <roxabee@...omium.org>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Eric Biggers <ebiggers@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
Adam Langley <agl@...gle.com>,
Ard Biesheuvel <ardb@...nel.org>,
"Jason A . Donenfeld" <Jason@...c4.com>,
Pawan Kumar Gupta <pawan.kumar.gupta@...el.com>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>
Subject: Re: [PATCH] x86: enable Data Operand Independent Timing Mode
> On Feb 3, 2023, at 10:25 AM, Dave Hansen <dave.hansen@...el.com> wrote:
>
> BTW, I'm basically moving forward assuming that we're going to apply
> this patch in _some_ form. I'm going to make some changes, but I'll
> discuss them in this thread to make sure we're all on the same page first.
Just checking in on the changes mentioned here.
> On 1/24/23 17:28, Eric Biggers wrote:
>> +Affected CPUs
>> +-------------
>> +
>> +This vulnerability affects Intel Core family processors based on the Ice Lake
>> +and later microarchitectures, and Intel Atom family processors based on the
>> +Gracemont and later microarchitectures. For more information, see Intel's
>> +documentation [1]_.
>
> I had a hard time following the docs in this area.
>
> But I'm not sure this statement is correct. The docs actually say:
>
> For Intel® Core™ family processors based on microarchitectures
> before Ice Lake and Intel Atom® family processors based on
> microarchitectures before Gracemont that do not enumerate
> IA32_UARCH_MISC_CTL, developers may assume that the instructions
> listed here operate as if DOITM is enabled.
Have we been able to clarify if this assumption is guaranteed?
>
> A processor needs to be before "Ice Lake" and friends *AND* not
> enumerate IA32_UARCH_MISC_CTL to be unaffected.
>
> There's also another tweak that's needed because:
>
> Processors that do not enumerate IA32_ARCH_CAPABILITIES[DOITM]
> when the latest microcode is applied do not need to set
> IA32_UARCH_MISC_CTL [DOITM] in order to have the behavior
> described in this document...
>
> First, we need to mention the "latest microcode" thing in the kernel
> docs. I also _think_ the whole "microarchitectures before" stuff is
> rather irrelevant and we can simplify this down to:
>
> This vulnerability affects all Intel processors that support
> MSR_IA32_ARCH_CAPABILITIES and set MSR_IA32_ARCH_CAPABILITIES[DOITM]
> when the latest microcode is applied.
>
Certainly a lot cleaner. Would be great if the Intel docs reflected this.
—
Regards, Roxana
> Which reminds me. This:
>
>> +void update_doitm_msr(void)
>> +{
>> + u64 msr;
>> +
>> + if (doitm_off)
>> + return;
>> +
>> + rdmsrl(MSR_IA32_UARCH_MISC_CTL, msr);
>> + wrmsrl(MSR_IA32_UARCH_MISC_CTL, msr | UARCH_MISC_DOITM);
>> +}
>
> should probably be:
>
> void update_doitm_msr(void)
> {
> u64 msr;
>
> /*
> * All processors that enumerate support for DOIT
> * are affected *and* have the mitigation available.
> */
> if (!boot_cpu_has_bug(X86_BUG_DODT))
> return;
>
> rdmsrl(MSR_IA32_UARCH_MISC_CTL, msr);
> if (doitm_off)
> msr &= ~UARCH_MISC_DOITM;
> else
> msr |= UARCH_MISC_DOITM;
> wrmsrl(MSR_IA32_UARCH_MISC_CTL, msr);
> }
>
> in case the CPU isn't actually coming out of reset, like if kexec() left
> DOITM=1.
>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists