lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150903235429.GZ8051@wotan.suse.de>
Date:	Fri, 4 Sep 2015 01:54:29 +0200
From:	"Luis R. Rodriguez" <mcgrof@...e.com>
To:	Toshi Kani <toshi.kani@....com>
Cc:	Prarit Bhargava <prarit@...hat.com>,
	Stuart Hayes <stuart.w.hayes@...il.com>, tglx@...utronix.de,
	mingo@...hat.com, "H. Peter Anvin" <hpa@...or.com>,
	linux-kernel@...r.kernel.org, x86@...nel.org,
	mcgrof@...not-panic.com, Toshi Kani <toshi.kani@...com>,
	Jan Beulich <JBeulich@...e.com>,
	Juergen Gross <jgross@...e.com>
Subject: Re: Fwd: [PATCH] x86: Use larger chunks in mtrr_cleanup

On Thu, Sep 03, 2015 at 05:21:14PM -0600, Toshi Kani wrote:
> On Fri, 2015-09-04 at 00:45 +0200, Luis R. Rodriguez wrote:
> > On Thu, Sep 03, 2015 at 04:25:31PM -0600, Toshi Kani wrote:
> > > On Fri, 2015-09-04 at 00:07 +0200, Luis R. Rodriguez wrote:
> > >  :
> > > > These are still at odds, for instance, I was under the impression we can
> > > > just have the OS return MTRR_TYPE_INVALID if the OS / drivers never used
> > > > or set up MTRR, but the platform did, above (not the patch) you seem to 
> > > > be saying that even if the OS didn't modify MTRRs the OS still needs to
> > > > return the appropriately set up MTRR type by firmware. This is 
> > > > different. Can you clarify?
> > > 
> > > mtrr_type_lookup() returns valid MTRR cache type for a given address range
> > > when MTRRs are enabled.  It does not matter if MTRRs are set by the 
> > > firmware or the OS.  When MTRRs are enabled, the kernel needs to check 
> > > through mtrr_type_lookup() that large page mapping requests are aligned 
> > > with MTRRs.
> > 
> > One further change I was considering was seeing if we can separate PAT
> > set up from MTRR's setup, but that was under the assumption we could live
> > with a kernel that would have mtrr_type_lookup() return MTRR_TYPE_INVALID
> > if kernel MTRR code is completely disabled but PAT enabled. We can't enable 
> > PAT today without MTRR beceause PAT is initialized from the MTRR init 
> > sequence and that depends on MTRR, if we separated these though and and if a 
> > distro disabled kernel MTRR an but enabled PAT and if MTRR did set up MTRR 
> > what would the possible issues be?
> 
> PAT's dependency to MTRR could be removed, but I would not recommend disabling
> the MTRR option since most of the firmwares enable MTRRs.

OK we can put such warning and default to enable MTRR and strongly warn
against disabling.

> When the kernel has
> the MTRR option disabled, but the firmware enables MTRRs, the kernel is unable
> to verify if a large page mapping is aligned with MTRRs.  This can lead
> undefined behavior when such an unaligned map with MTRRs is created and
> accessed.

Crikey!

> > > On Xen,
> > 
> > When Xen is used a platform firmware may still set up MTRR, even if the
> > hypervisor doesn't set up MTRR right ? So same issue and question here.
> 
> Right, I meant to say Xen guests.

Ah but its import complicated than that.

> In case of the Xen hypervisor,
> mtrr_type_lookup() returns a valid type as it runs on a platform.

I am not sure if this happens today, I know MTRR is simply disabled by
the Xen Hypervisor on the CPU explicitly, it disable it so guests reading
the MTRR capabilities sees it as disabled when queried.

Then since the Xen Linux guests cannot speak MTRR through the hypervisor (for
instance Xen guests cannot ask Xen hypervisor to mtrr_type_lookup() for it)
if PCI passthrough is used it could mean a guest might set up / use incorrect
info as well.

If I undestand this correctly then I think we're in a pickle with Xen unless
we add hypervisor support and hypercall support for mtrr_type_lookup().

  Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ