| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 May 2018 08:46:03 -0700
From: Fenghua Yu <fenghua.yu@...el.com>
To: "Thomas Gleixner" <tglx@...utronix.de>,
"Ingo Molnar" <mingo@...e.hu>,
"H. Peter Anvin" <hpa@...ux.intel.com>
Cc: "Ashok Raj" <ashok.raj@...el.com>,
"Dave Hansen" <dave.hansen@...el.com>,
"Rafael Wysocki" <rafael.j.wysocki@...el.com>,
"Tony Luck" <tony.luck@...el.com>,
"Alan Cox" <alan@...ux.intel.com>,
"Ravi V Shankar" <ravi.v.shankar@...el.com>,
"Arjan van de Ven" <arjan@...radead.org>,
"linux-kernel" <linux-kernel@...r.kernel.org>,
"x86" <x86@...nel.org>, Fenghua Yu <fenghua.yu@...el.com>
Subject: [RFC PATCH 14/16] x86/split_lock: Add debugfs interface to show and control firmware setting for split lock
By default, the firmware setting for split lock inherits from firmware
setting before kernel boots.
In cases like hard real time, user wants to identify split lock issues in
firmware even when #AC for split lock is not enabled in firmware before
kernel boots. The user may explicitly enable #AC for split lock for
firmware. Getting bang whenever there is a split lock in firmware helps
identify and fix the firmware split lock issue.
The debugfs interface /sys/kernel/debug/x86/split_lock/firmware shows the
firmware split lock setting: 0 for disabled and 1 for enabled.
User can override the firmware setting by writing 1 to enable #AC for
split lock in firmware and write 0 to disable #AC for split lock in
firmware.
When control flow comes to firmware (e.g. in S3, S4, S5, and EFI runtime),
kernel sets the firmware setting for split lock. Kernel restores to kernel
setting for split lock after coming back to kernel.
Please note: System Management Mode (SMM) is out of control of
kernel. So this interface cannot control split lock in SMM.
Signed-off-by: Fenghua Yu <fenghua.yu@...el.com>
---
arch/x86/kernel/cpu/test_ctl.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/arch/x86/kernel/cpu/test_ctl.c b/arch/x86/kernel/cpu/test_ctl.c
index d774485a5ca4..8bdc01067be9 100644
--- a/arch/x86/kernel/cpu/test_ctl.c
+++ b/arch/x86/kernel/cpu/test_ctl.c
@@ -516,12 +516,38 @@ static const struct file_operations user_mode_ops = {
.llseek = default_llseek,
};
+static int firmware_show(void *data, u64 *val)
+{
+ *val = split_lock_ac_firmware;
+
+ return 0;
+}
+
+static int firmware_store(void *data, u64 val)
+{
+ if (val != DISABLE_SPLIT_LOCK_AC && val != ENABLE_SPLIT_LOCK_AC)
+ return -EINVAL;
+
+ /* No need to update setting if new setting is the same as old one. */
+ if (val == split_lock_ac_firmware)
+ return 0;
+
+ mutex_lock(&split_lock_mutex);
+ split_lock_ac_firmware = val;
+ mutex_unlock(&split_lock_mutex);
+
+ return 0;
+}
+
+DEFINE_DEBUGFS_ATTRIBUTE(firmware_ops, firmware_show, firmware_store, "%llx\n");
+
static int __init debugfs_setup_split_lock(void)
{
struct debugfs_file debugfs_files[] = {
{"enable", 0600, &enable_ops},
{"kernel_mode", 0600, &kernel_mode_ops },
{"user_mode", 0600, &user_mode_ops },
+ {"firmware", 0600, &firmware_ops },
};
struct dentry *split_lock_dir, *fd;
int i;
--
2.5.0
Powered by blists - more mailing lists