lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2018 00:19:04 +0100 From: Ingo Molnar <mingo@...nel.org> To: Tim Chen <tim.c.chen@...ux.intel.com> Cc: Peter Zijlstra <peterz@...radead.org>, Dave Hansen <dave@...1.net>, hpa@...or.com, tglx@...utronix.de, torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org, dwmw@...zon.co.uk, linux-tip-commits@...r.kernel.org, Borislav Petkov <bp@...en8.de>, Arjan van de Ven <arjan@...radead.org> Subject: Re: [tip:x86/pti] x86/speculation: Use IBRS if available before calling into firmware * Tim Chen <tim.c.chen@...ux.intel.com> wrote: > On 02/14/2018 12:56 AM, Peter Zijlstra wrote: > > > > > At the very least this must disable and re-enable preemption, such that > > we guarantee we inc/dec the same counter. ISTR some firmware calls (EFI) > > actually are preemptible so that wouldn't work. > > > > Further, consider: > > > > this_cpu_inc_return() // 0->1 > > <NMI> > > this_cpu_inc_return() // 1->2 > > call_broken_arse_firmware() > > this_cpu_dec_return() // 2->1 > > </NMI> > > wrmsr(SPEC_CTRL, IBRS); > > > > /* from dodgy firmware crap */ > > > > this_cpu_dec_return() // 1->0 > > wrmsr(SPEC_CTRL, 0); > > > > How about the following patch. These fragile complications of the interface should now be unnecessary, as the only driver that called firmware from NMI callbacks (hpwdt.c) is going to remove those firmware callbacks in the near future - solving the problem at the source. Thanks, Ingo
Powered by blists - more mailing lists