lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.21.1811211426470.1665@nanos.tec.linutronix.de>
Date:   Wed, 21 Nov 2018 14:33:59 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Tim Chen <tim.c.chen@...ux.intel.com>
cc:     Jiri Kosina <jikos@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Casey Schaufler <casey.schaufler@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Jon Masters <jcm@...hat.com>,
        Waiman Long <longman9394@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Dave Stewart <david.c.stewart@...el.com>,
        linux-kernel@...r.kernel.org, x86@...nel.org,
        stable@...r.kernel.org
Subject: Re: [Patch v7 10/18] x86/speculation: Turn on or off STIBP according
 to a task's TIF_STIBP

On Tue, 20 Nov 2018, Tim Chen wrote:
> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index 74bef48..48fcd46 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -406,6 +406,8 @@ static __always_inline void spec_ctrl_update_msr(unsigned long tifn)
>  	if (static_cpu_has(X86_FEATURE_SSBD))
>  		msr |= ssbd_tif_to_spec_ctrl(tifn);
>  
> +	msr |= stibp_tif_to_spec_ctrl(tifn);

This is wrong. If STIBP is disabled, but the TIF flag is set to control
IBPB and this path is entered to handle a SSBD change, then this will set
STIBP as well.

> +
>  	wrmsrl(MSR_IA32_SPEC_CTRL, msr);
>  }
>  
> @@ -418,7 +420,17 @@ static __always_inline void spec_ctrl_update_msr(unsigned long tifn)
>  static __always_inline void __speculation_ctrl_update(unsigned long tifp,
>  						      unsigned long tifn)
>  {
> -	bool updmsr = false;
> +	bool updmsr;
> +
> +	/*
> +	 * Need STIBP defense against Spectre v2 attack
> +	 * if SMT is in use and enhanced IBRS is unsupported.
> +	 */
> +	if (static_cpu_has(X86_FEATURE_STIBP) && cpu_use_smt_and_hotplug &&
> +	    !static_cpu_has(X86_FEATURE_USE_IBRS_ENHANCED))
> +		updmsr = !!((tifp ^ tifn) & _TIF_SPEC_INDIR_BRANCH);

At the end of the series this has then two alternative patch bits and two
static keys. This can be done with a single static key which is controlled
from the bug code.

I'll send out a cleaned up version of that stuff later today.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ