lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 12 Jan 2021 11:59:22 +0000
From:   Suzuki K Poulose <suzuki.poulose@....com>
To:     Marc Zyngier <maz@...nel.org>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.cs.columbia.edu,
        linux-kernel@...r.kernel.org, Will Deacon <will@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        David Brazdil <dbrazdil@...gle.com>,
        Alexandru Elisei <alexandru.elisei@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Jing Zhang <jingzhangos@...gle.com>,
        Ajay Patil <pajay@....qualcomm.com>,
        Prasad Sodagudi <psodagud@...eaurora.org>,
        Srinivas Ramana <sramana@...eaurora.org>,
        James Morse <james.morse@....com>,
        Julien Thierry <julien.thierry.kdev@...il.com>,
        kernel-team@...roid.com
Subject: Re: [PATCH v3 09/21] arm64: cpufeature: Add global feature override
 facility

On 1/12/21 11:50 AM, Marc Zyngier wrote:
> Hi Suzuki,
> 
> On 2021-01-12 09:17, Suzuki K Poulose wrote:
>> Hi Marc,
>>
>> On 1/11/21 7:48 PM, Marc Zyngier wrote:
> 
> [...]
> 
>>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>>> index 894af60b9669..00d99e593b65 100644
>>> --- a/arch/arm64/kernel/cpufeature.c
>>> +++ b/arch/arm64/kernel/cpufeature.c
>>> @@ -774,6 +774,7 @@ static void __init init_cpu_ftr_reg(u32 sys_reg, u64 new)
>>>       u64 strict_mask = ~0x0ULL;
>>>       u64 user_mask = 0;
>>>       u64 valid_mask = 0;
>>> +    u64 override_val = 0, override_mask = 0;
>>>
>>>       const struct arm64_ftr_bits *ftrp;
>>>       struct arm64_ftr_reg *reg = get_arm64_ftr_reg(sys_reg);
>>> @@ -781,9 +782,35 @@ static void __init init_cpu_ftr_reg(u32 sys_reg, u64 new)
>>>       if (!reg)
>>>           return;
>>>
>>> +    if (reg->override_mask && reg->override_val) {
>>> +        override_mask = *reg->override_mask;
>>> +        override_val = *reg->override_val;
>>> +    }
>>> +
>>>       for (ftrp = reg->ftr_bits; ftrp->width; ftrp++) {
>>>           u64 ftr_mask = arm64_ftr_mask(ftrp);
>>>           s64 ftr_new = arm64_ftr_value(ftrp, new);
>>> +        s64 ftr_ovr = arm64_ftr_value(ftrp, override_val);
>>> +
>>> +        if ((ftr_mask & override_mask) == ftr_mask) {
>>> +            if (ftr_ovr < ftr_new) {
>>
>> Here we assume that all the features are FTR_LOWER_SAFE. We could
>> probably use arm64_ftr_safe_value(ftrp, ftr_new, ftr_ovr) here ?
>> That would cover us for both HIGHER_SAFE and LOWER_SAFE features.
>> However that may be restrictive for FTR_EXACT, as we the safe
>> value would be set to "ftr->safe_val". I guess that may be better
>> than forcing to use an unsafe value for the boot CPU, which could
>> anyway conflict with the other CPUs and eventually trigger the
>> ftr alue to be safe_val.
> 
> I like the idea of using the helper, as it cleanups up the code a bit.
> However, not being to set a feature to a certain value could be restrictive,
> as in general, it means that we can only disable a feature and not adjust
> its level of support.
> 
> Take PMUVER for example: with the helper, I can't override it from v8.4 to
> v8.1. I can only go to v8.0.

My point is, we set this only for the "init" of cpu features. So, even if we
init to a custom , non-(default-safe) value, the secondary CPUs could scream,
and the system wide safe value could fall back to the "safe" value for EXACT features,
no matter what you did to init it.

Also, it will be dangerous for things like PAC, as the lower level value may
not be compatible with the "actual" cpu feature supported.

So simply setting to a lower value for EXACT features is generally not safe,
though I understand some are exceptions.

Suzuki



> 
> Is it something we care about?
> 
> Thanks,
> 
>          M.

Powered by blists - more mailing lists