lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160322165944.GC5656@pd.tnic>
Date:	Tue, 22 Mar 2016 17:59:44 +0100
From:	Borislav Petkov <bp@...e.de>
To:	Toshi Kani <toshi.kani@....com>
Cc:	mingo@...nel.org, hpa@...or.com, tglx@...utronix.de,
	mcgrof@...e.com, jgross@...e.com, paul.gortmaker@...driver.com,
	konrad.wilk@...cle.com, elliott@....com, x86@...nel.org,
	xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/6] x86/mm/pat: Add pat_disable() interface

On Wed, Mar 16, 2016 at 06:46:55PM -0600, Toshi Kani wrote:
> In preparation to fix a regression caused by 'commit 9cd25aac1f44
> ("x86/mm/pat: Emulate PAT when it is disabled")', PAT needs to
> provide an interface that disables the OS to initialize PAT MSR.

			prevents the OS from initializing the PAT MSR.

> 
> PAT MSR initialization must be done on all CPUs with the specific

s/with/using/

> sequence of operations defined in Intel SDM.  This requires MTRR
				   ^
				  the

s/MTRR/MTRRs/

> to be enabled since pat_init() is called as part of MTRR init
> from mtrr_rendezvous_handler().
> 
> Change pat_disable() as the interface to disable the OS to initialize
> PAT MSR, and set PAT table with pat_keep_handoff_state().  This
> interface can be called when PAT initialization may not be performed.

This paragraph reads funky and I can't really parse what it is trying to
say.

> This also assures that pat_disable() called from pat_bsp_init()
> to set PAT table properly when CPU does not support PAT.
> 
> Signed-off-by: Toshi Kani <toshi.kani@....com>
> Cc: Borislav Petkov <bp@...e.de>
> Cc: Luis R. Rodriguez <mcgrof@...e.com>
> Cc: Juergen Gross <jgross@...e.com>
> Cc: Robert Elliott <elliott@....com>
> Cc: Ingo Molnar <mingo@...nel.org>
> Cc: H. Peter Anvin <hpa@...or.com>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> ---
>  arch/x86/include/asm/pat.h |    1 +
>  arch/x86/mm/pat.c          |   21 ++++++++++++++++++---
>  2 files changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/include/asm/pat.h b/arch/x86/include/asm/pat.h
> index ca6c228..016142b 100644
> --- a/arch/x86/include/asm/pat.h
> +++ b/arch/x86/include/asm/pat.h
> @@ -5,6 +5,7 @@
>  #include <asm/pgtable_types.h>
>  
>  bool pat_enabled(void);
> +void pat_disable(const char *reason);
>  extern void pat_init(void);
>  void pat_init_cache_modes(u64);
>  
> diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
> index e0a34b0..48d1619 100644
> --- a/arch/x86/mm/pat.c
> +++ b/arch/x86/mm/pat.c
> @@ -40,11 +40,26 @@
>  static bool boot_cpu_done;
>  
>  static int __read_mostly __pat_enabled = IS_ENABLED(CONFIG_X86_PAT);
> +static void pat_keep_handoff_state(void);
>  
> -static inline void pat_disable(const char *reason)
> +/**
> + * pat_disable() - Disable the OS to initialize PAT MSR

			^^^^

Err, what? The function name can't be more clear.

> + *
> + * This function disables the OS to initialize PAT MSR, and calls

		    "prevents the OS from initializing the PAT MSR..."

> + * pat_keep_handoff_state() to set PAT table to the handoff state.

We can see what is calls. You're explaining *what* the code does instead
of *why* again.

> + */
> +void pat_disable(const char *reason)
>  {

Why aren't you checking __pat_enabled here?

	if (!__pat_enabled)
		return;

You can save yourself the other guards in that function, especially that
pr_err() below.

> +	if (boot_cpu_done) {
> +		pr_err("x86/PAT: PAT cannot be disabled after initialization "
> +		       "(attempting: %s)\n", reason);

Please integrate checkpatch.pl into your patch creation workflow as it
sometimes has valid complaints:

WARNING: quoted string split across lines
#79: FILE: arch/x86/mm/pat.c:55:
+               pr_err("x86/PAT: PAT cannot be disabled after initialization "
+                      "(attempting: %s)\n", reason);

More to the point: why do we need that pr_err() call? What is that
supposed to tell the user?

I think it is more for the programmer to catch wrong use of
pat_disable() and then it should be WARN_ONCE() or so...

> +		return;
> +	}
> +
>  	__pat_enabled = 0;
>  	pr_info("x86/PAT: %s\n", reason);
> +
> +	pat_keep_handoff_state();
>  }
>  
>  static int __init nopat(char *str)
> @@ -202,7 +217,7 @@ static void pat_bsp_init(u64 pat)
>  {
>  	u64 tmp_pat;
>  
> -	if (!cpu_has_pat) {
> +	if (!boot_cpu_has(X86_FEATURE_PAT)) {
>  		pat_disable("PAT not supported by CPU.");
>  		return;
>  	}
> @@ -220,7 +235,7 @@ static void pat_bsp_init(u64 pat)
>  
>  static void pat_ap_init(u64 pat)
>  {
> -	if (!cpu_has_pat) {
> +	if (!boot_cpu_has(X86_FEATURE_PAT)) {
>  		/*
>  		 * If this happens we are on a secondary CPU, but switched to
>  		 * PAT on the boot CPU. We have no way to undo PAT.

Those last two hunks are unrelated changes and should be a separate
patch.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ