| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.21.1811272142000.1875@nanos.tec.linutronix.de>
Date: Tue, 27 Nov 2018 21:42:56 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: "Lendacky, Thomas" <Thomas.Lendacky@....com>
cc: LKML <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jiri Kosina <jkosina@...e.cz>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
Waiman Long <longman9394@...il.com>,
Greg KH <gregkh@...uxfoundation.org>,
Dave Stewart <david.c.stewart@...el.com>,
Kees Cook <keescook@...omium.org>
Subject: Re: [patch V2 18/28] x86/speculation: Prepare for per task indirect
branch speculation control
On Tue, 27 Nov 2018, Thomas Gleixner wrote:
> On Tue, 27 Nov 2018, Lendacky, Thomas wrote:
> > On 11/25/2018 12:33 PM, Thomas Gleixner wrote:
> > > --- a/arch/x86/kernel/process.c
> > > +++ b/arch/x86/kernel/process.c
> > > @@ -406,6 +406,11 @@ static __always_inline void spec_ctrl_up
> > > if (static_cpu_has(X86_FEATURE_SSBD))
> > > msr |= ssbd_tif_to_spec_ctrl(tifn);
> >
> > I did some quick testing and found my original logic was flawed. Since
> > spec_ctrl_update_msr() can now be called for STIBP, an additional check
> > is needed to set the SSBD MSR bit.
> >
> > Both X86_FEATURE_VIRT_SSBD and X86_FEATURE_LS_CFG_SSBD cause
> > X86_FEATURE_SSBD to be set. Before this patch, spec_ctrl_update_msr() was
> > only called if X86_FEATURE_SSBD was set and one of the other SSBD features
> > wasn't set. But now, STIBP can cause spec_ctrl_update_msr() to get called
> > and cause the SSBD MSR bit to be set when it shouldn't (could result in
> > a GP fault).
>
> The below should fix that. We have the same logic in x86_virt_spec_ctrl()
Actually it's incomplete. Full version below.
Thanks,
tglx
8<-----------------
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -403,10 +403,11 @@ static __always_inline void spec_ctrl_up
u64 msr = x86_spec_ctrl_base;
/*
- * If X86_FEATURE_SSBD is not set, the SSBD bit is not to be
- * touched.
+ * If SSBD is not controlled in MSR_SPEC_CTRL, the SSBD bit has not
+ * to be touched.
*/
- if (static_cpu_has(X86_FEATURE_SSBD))
+ if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
+ static_cpu_has(X86_FEATURE_AMD_SSBD))
msr |= ssbd_tif_to_spec_ctrl(tifn);
/* Only evaluate if conditional STIBP is enabled */
@@ -440,7 +441,8 @@ static __always_inline void __speculatio
amd_set_ssb_virt_state(tifn);
else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
amd_set_core_ssb_state(tifn);
- else if (static_cpu_has(X86_FEATURE_SSBD))
+ else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
+ static_cpu_has(X86_FEATURE_AMD_SSBD))
updmsr = true;
}
Powered by blists - more mailing lists