| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YfKChjX61OW4CkYm@hirez.programming.kicks-ass.net>
Date: Thu, 27 Jan 2022 12:31:18 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Andrew Cooper <Andrew.Cooper3@...rix.com>
Cc: Kyle Huey <me@...ehuey.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Kan Liang <kan.liang@...ux.intel.com>,
"linux-perf-users@...r.kernel.org" <linux-perf-users@...r.kernel.org>,
"H. Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Borislav Petkov <bp@...en8.de>,
Thomas Gleixner <tglx@...utronix.de>,
Namhyung Kim <namhyung@...nel.org>,
Jiri Olsa <jolsa@...hat.com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Mark Rutland <mark.rutland@....com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Ingo Molnar <mingo@...hat.com>,
Robert O'Callahan <rocallahan@...il.com>,
Keno Fischer <keno@...iacomputing.com>
Subject: Re: [PATCH] x86/perf: Default freeze_on_smi on for Comet Lake and
later.
On Thu, Jan 27, 2022 at 02:22:23AM +0000, Andrew Cooper wrote:
> Frankly, it is an error that FREEZE_WHILE_SMM is under the kernels
> control, and not SMM's control. After all, it's SMM handling all the
> UEFI secrets/etc.
>
> Linux ought to set FREEZE_WHILE_SMM unilaterally, because most kernel
> profiling probably won't want interference from SMM. Root can always
> disable FREEZE_WHILE_SMM if profiling is really wanted.
>
> I'm not sure if anything can be done on pre-FREEZE_WHILE_SMM CPUs. Nor
> AMD CPUs which are also gaining CPL3 SMM logic, and don't appear to have
> any equivalent functionality.
Which suggests something like this?
---
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index c91434056c29..5874fa088630 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -4703,6 +4703,19 @@ static __initconst const struct x86_pmu intel_pmu = {
.lbr_read = intel_pmu_lbr_read_64,
.lbr_save = intel_pmu_lbr_save,
.lbr_restore = intel_pmu_lbr_restore,
+
+ /*
+ * SMM has access to all 4 rings and while traditionally SMM code only
+ * ran in CPL0, newer firmware is starting to make use of CPL3 in SMM.
+ *
+ * Since the EVENTSEL.{USR,OS} CPL filtering makes no distinction
+ * between SMM or not, this results in what should be pure userspace
+ * counters including SMM data.
+ *
+ * This is a clear privilege issue, therefore globally disable
+ * counting SMM by default.
+ */
+ .attr_freeze_on_smi = 1,
};
static __init void intel_clovertown_quirk(void)
Powered by blists - more mailing lists