lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 20 Oct 2016 21:37:50 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Peter Zijlstra <peterz@...radead.org>
cc:     Bin Gao <bin.gao@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        John Stultz <john.stultz@...aro.org>, x86@...nel.org,
        linux-kernel@...r.kernel.org, bin.gao@...el.com
Subject: Re: [PATCH v3] x86/tsc: add X86_FEATURE_TSC_KNOWN_FREQ flag

On Thu, 20 Oct 2016, Peter Zijlstra wrote:
> On Thu, Oct 20, 2016 at 11:57:03AM +0200, Thomas Gleixner wrote:
> > On Thu, 13 Oct 2016, Bin Gao wrote:
> > > @@ -702,6 +702,15 @@ unsigned long native_calibrate_tsc(void)
> > >  		}
> > >  	}
> > >  
> > > +	setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ);
> > > +
> > > +	/*
> > > +	 * For Atom SoCs TSC is the only reliable clocksource.
> > > +	 * Mark TSC reliable so no watchdog on it.
> > > +	 */
> > > +	if (boot_cpu_data.x86_model == INTEL_FAM6_ATOM_GOLDMONT)
> > > +		setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE);
> > > +
> 
> AFAICT setting TSC_RELIABLE also skips the check_tsc_warp() tests in
> tsc_sync.c.
> 
> This means that if someone does a Goldmont BIOS with 'features', we'll
> never detect the wreckage :-/

Well, we have the same issue on other platforms/models which set the
reliable flag.

So one sanity check we can do is to read the IA32_TSC_ADJUST MSR on all
cores. They should all have the same value (usually 0) or at least have a
very minimal delta. If that's off by more than 1us then something is fishy
especially on single socket systems. We could at least WARN about it.

We could do this in idle occasionally as well, so we can detect the dreaded
"SMI wants to hide the cycles" crapola.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ