lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210507110210.147106915@linutronix.de>
Date:   Fri, 07 May 2021 13:02:10 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     x86@...nel.org, Lai Jiangshan <laijs@...ux.alibaba.com>,
        Joerg Roedel <joro@...tes.org>, Borislav Petkov <bp@...e.de>
Subject: [patch 0/2] x86/idt: Consolidate IDT/TSS setup

The IDT/TSS setup for the boot CPU on 64-bit is split into two parts:

  1) Setup IDT without IST before cpu_init()
  2) Setup IDT with IST after cpu_init()

Lai noticed [1] that the NMI setup in #1 is wrong because it uses the IST aware
entry point but if an NMI happens there it would run on the kernel stack
which can cause the IST aware code to malfunction.

That's not a real problem because a NMI hitting during early boot before
the IDT is fully set up is fatal anyway. The intermediate issue with the
split setup is just making that window marginally wider. Though the setup
logic is more convoluted than necessary.

There is another oddity regarding secondary CPUs. The recently added SEV
support requires #VC to be functional when invoking cpu_init() and
therefore added a separate function which initializes TSS before that.

Now cpu_init() itself does the same initialization again, which is
pointless and confusing at best.

Borislav posted a patch [2] which moves the TSS initialization to the start of
cpu_init(), but when looking at the boot CPU setup, this is not helpful.

So I kept the separate function and made use of it in trap_init() so that
the ordering is now TSS setup, IDT setup, cpu_init(). That allows to get
rid of the separate IST setup step and makes the overall code simpler.

Thanks,

	tglx

[1] https://lore.kernel.org/r/20210426230949.3561-3-jiangshanlai@gmail.com
[2] https://lore.kernel.org/r/20210504171745.2249-1-bp@alien8.de
---
 include/asm/desc.h      |    2 --
 include/asm/processor.h |    1 +
 kernel/cpu/common.c     |   24 +++++++++++-------------
 kernel/idt.c            |   40 ++++++++++++----------------------------
 kernel/traps.c          |    9 +++------
 5 files changed, 27 insertions(+), 49 deletions(-)




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ