| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Dec 2019 09:55:11 -0800
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
Tony Luck <tony.luck@...el.com>,
Tony W Wang-oc <TonyWWang-oc@...oxin.com>,
Len Brown <lenb@...nel.org>, Shuah Khan <shuah@...nel.org>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-edac@...r.kernel.org, linux-pm@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Subject: Re: [PATCH v4 10/19] x86/cpu: Detect VMX features on Intel, Centaur
and Zhaoxin CPUs
On Thu, Dec 12, 2019 at 12:38:38PM +0100, Borislav Petkov wrote:
> On Wed, Nov 27, 2019 at 05:40:07PM -0800, Sean Christopherson wrote:
> > +static void init_vmx_capabilities(struct cpuinfo_x86 *c)
> > +{
> > + u32 supported, funcs, ept, vpid, ign;
> > +
> > + BUILD_BUG_ON(NVMXINTS != NR_VMX_FEATURE_WORDS);
> > +
> > + /*
> > + * The high bits contain the allowed-1 settings, i.e. features that can
> > + * be turned on. The low bits contain the allowed-0 settings, i.e.
> > + * features that can be turned off. Ignore the allowed-0 settings,
> > + * if a feature can be turned on then it's supported.
> > + */
> > + rdmsr(MSR_IA32_VMX_PROCBASED_CTLS, ign, supported);
> > + c->vmx_capability[PRIMARY_PROC_CTLS] = supported;
> > +
> > + rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS2, &ign, &supported);
> > + c->vmx_capability[SECONDARY_PROC_CTLS] = supported;
> > +
> > + rdmsr(MSR_IA32_VMX_PINBASED_CTLS, ign, supported);
> > + rdmsr_safe(MSR_IA32_VMX_VMFUNC, &ign, &funcs);
> > +
> > + /*
> > + * Except for EPT+VPID, which enumerates support for both in a single
> > + * MSR, low for EPT, high for VPID.
> > + */
> > + rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, &ept, &vpid);
>
> Right, so this is a garden variety of rdmsr() and rdmsr_safe() and
> the safe variant's retval needs to be checked, strictly speaking. It
> probably doesn't matter here since you'll get 0s if it fails, which
> means feature not supported, so all good.
>
> But I guess you can still use rdmsr_safe() everywhere just so it doesn't
> cause head scratching in the future, when one looks at that code.
The reasoning behind using vanilla rdmsr() on PROC and PIN controls is that
those MSRs should exist on any CPU that supports VMX, i.e. we want the WARN.
The alternative would be to use rdmsr_safe() for everything and then
explicitly disable VMX if a fault on PROC or PIN occurs, but that circles
us back to the handling a fault on rdmsr(MSR_IA32_FEAT_CTL), i.e. is it
really worth gracefully handling a fault that should never occur?
>
> > +#endif /* CONFIG_X86_VMX_FEATURE_NAMES */
> >
> > #undef pr_fmt
> > #define pr_fmt(fmt) "x86/cpu: " fmt
> > @@ -50,5 +116,9 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
> > pr_err_once("VMX (%s TXT) disabled by BIOS\n",
> > tboot ? "inside" : "outside");
> > clear_cpu_cap(c, X86_FEATURE_VMX);
> > + } else {
> > +#ifdef CONFIG_X86_VMX_FEATURE_NAMES
> > + init_vmx_capabilities(c);
> > +#endif
>
> Can't say that I'm happy about all that ifdeffery but I guess we need
> to perpetuate this since X86_FEATURE_NAMES is there for embedded. In
> practice, probably no one disables it...
Ya, systemd wasn't happy when I tried booting without X86_FEATURE_NAMES.
Powered by blists - more mailing lists