lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1527435965-202085-15-git-send-email-fenghua.yu@intel.com>
Date:   Sun, 27 May 2018 08:46:03 -0700
From:   Fenghua Yu <fenghua.yu@...el.com>
To:     "Thomas Gleixner" <tglx@...utronix.de>,
        "Ingo Molnar" <mingo@...e.hu>,
        "H. Peter Anvin" <hpa@...ux.intel.com>
Cc:     "Ashok Raj" <ashok.raj@...el.com>,
        "Dave Hansen" <dave.hansen@...el.com>,
        "Rafael Wysocki" <rafael.j.wysocki@...el.com>,
        "Tony Luck" <tony.luck@...el.com>,
        "Alan Cox" <alan@...ux.intel.com>,
        "Ravi V Shankar" <ravi.v.shankar@...el.com>,
        "Arjan van de Ven" <arjan@...radead.org>,
        "linux-kernel" <linux-kernel@...r.kernel.org>,
        "x86" <x86@...nel.org>, Fenghua Yu <fenghua.yu@...el.com>
Subject: [RFC PATCH 14/16] x86/split_lock: Add debugfs interface to show and control firmware setting for split lock

By default, the firmware setting for split lock inherits from firmware
setting before kernel boots.

In cases like hard real time, user wants to identify split lock issues in
firmware even when #AC for split lock is not enabled in firmware before
kernel boots. The user may explicitly enable #AC for split lock for
firmware. Getting bang whenever there is a split lock in firmware helps
identify and fix the firmware split lock issue.

The debugfs interface /sys/kernel/debug/x86/split_lock/firmware shows the
firmware split lock setting: 0 for disabled and 1 for enabled.

User can override the firmware setting by writing 1 to enable #AC for
split lock in firmware and write 0 to disable #AC for split lock in
firmware.

When control flow comes to firmware (e.g. in S3, S4, S5, and EFI runtime),
kernel sets the firmware setting for split lock. Kernel restores to kernel
setting for split lock after coming back to kernel.

Please note: System Management Mode (SMM) is out of control of
kernel. So this interface cannot control split lock in SMM.

Signed-off-by: Fenghua Yu <fenghua.yu@...el.com>
---
 arch/x86/kernel/cpu/test_ctl.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/arch/x86/kernel/cpu/test_ctl.c b/arch/x86/kernel/cpu/test_ctl.c
index d774485a5ca4..8bdc01067be9 100644
--- a/arch/x86/kernel/cpu/test_ctl.c
+++ b/arch/x86/kernel/cpu/test_ctl.c
@@ -516,12 +516,38 @@ static const struct file_operations user_mode_ops = {
 	.llseek	= default_llseek,
 };
 
+static int firmware_show(void *data, u64 *val)
+{
+	*val = split_lock_ac_firmware;
+
+	return 0;
+}
+
+static int firmware_store(void *data, u64 val)
+{
+	if (val != DISABLE_SPLIT_LOCK_AC && val != ENABLE_SPLIT_LOCK_AC)
+		return -EINVAL;
+
+	/* No need to update setting if new setting is the same as old one. */
+	if (val == split_lock_ac_firmware)
+		return 0;
+
+	mutex_lock(&split_lock_mutex);
+	split_lock_ac_firmware = val;
+	mutex_unlock(&split_lock_mutex);
+
+	return 0;
+}
+
+DEFINE_DEBUGFS_ATTRIBUTE(firmware_ops, firmware_show, firmware_store, "%llx\n");
+
 static int __init debugfs_setup_split_lock(void)
 {
 	struct debugfs_file debugfs_files[] = {
 		{"enable",      0600, &enable_ops},
 		{"kernel_mode",	0600, &kernel_mode_ops },
 		{"user_mode",	0600, &user_mode_ops },
+		{"firmware",	0600, &firmware_ops },
 	};
 	struct dentry *split_lock_dir, *fd;
 	int i;
-- 
2.5.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ