| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56dbbd52-93bd-2c70-3862-3b62231a4024@amd.com>
Date: Fri, 11 Feb 2022 15:17:16 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Mario Limonciello <mario.limonciello@....com>,
Borislav Petkov <bp@...en8.de>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>
Cc: Kees Cook <keescook@...omium.org>, hughsient@...il.com,
Martin Fernandez <martin.fernandez@...ypsium.com>,
linux-kernel@...r.kernel.org, Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v2 3/4] x86/cpu: clear SME features when not in use
On 2/11/22 15:02, Mario Limonciello wrote:
> Currently the SME CPU feature flag is reflective of whether the CPU
> supports the features but not whether they have been activated by the
> kernel.
>
> Change this around to clear the features if the kernel is not using
> them so userspace can determine if they are available and in use
> from `/proc/cpuinfo`.
>
> As the feature flag is now cleared on systems that SME isn't active
> use CPUID 0x8000001f to confirm SME availability before calling
> `native_wbinvd`.
>
> Signed-off-by: Mario Limonciello <mario.limonciello@....com>
> ---
>
> + if (!sme_me_mask)
> + goto clear_all;
> +
This is incorrect. Just because host memory encryption is not active
doesn't mean that SEV guests can't be run. This should only clear the SME
feature bit.
Thanks,
Tom
Powered by blists - more mailing lists