| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Mar 2022 10:20:26 +0200
From: Ricardo Cañuelo <ricardo.canuelo@...labora.com>
To: linux-kernel@...r.kernel.org
Cc: Ricardo Cañuelo <ricardo.canuelo@...labora.com>,
Borislav Petkov <bp@...en8.de>,
Thadeu Lima de Souza Cascardo <cascardo@...onical.com>,
Mark Gross <mgross@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
John Johansen <john.johansen@...onical.com>,
Steve Beattie <sbeattie@...ntu.com>, kernel@...labora.com
Subject: [PATCH v2] x86/speculation/srbds: do not try to turn mitigation off when not supported
When SRBDS is mitigated by TSX OFF, update_srbds_msr will still read and
write to MSR_IA32_MCU_OPT_CTRL even when that is not supported by the
microcode.
Checking for X86_FEATURE_SRBDS_CTRL as a CPU feature available makes more
sense than checking for SRBDS_MITIGATION_UCODE_NEEDED as the found
"mitigation".
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
Signed-off-by: Borislav Petkov <bp@...en8.de>
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@...labora.com>
Tested-by: Ricardo Cañuelo <ricardo.canuelo@...labora.com>
---
Hi all,
This patch was originally posted here:
https://lore.kernel.org/all/20200609174313.2600320-1-cascardo@canonical.com/#t
by Boris, based on the original patch by Cascardo, I didn't make any
changes to it. I didn't see it merged or discussed further and I can
still reproduce the issue on a Samsung Galaxy Chromebook 2 (Intel
Cometlake-U). When booted without the proper CPU u-codes, TSX is
disabled (so the CPU isn't vulnerable to SRDBS) but this code still
tries to access an unavailable MSR register so I get these two warning
messages:
unchecked MSR access error: RDMSR from 0x123 at rIP: 0xffffffff8203707e (update_srbds_msr+0x2e/0xa0)
Call Trace:
<TASK>
check_bugs+0x994/0xa6e
? __get_locked_pte+0x8f/0x100
start_kernel+0x630/0x664
secondary_startup_64_no_verify+0xd5/0xdb
</TASK>
unchecked MSR access error: WRMSR to 0x123 (tried to write 0x0000000000000001) at rIP: 0xffffffff820370a9 (update_srbds_msr+0x59/0xa0)
Call Trace:
<TASK>
check_bugs+0x994/0xa6e
? __get_locked_pte+0x8f/0x100
start_kernel+0x630/0x664
secondary_startup_64_no_verify+0xd5/0xdb
</TASK>
This patch avoids them.
arch/x86/kernel/cpu/bugs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6296e1ebed1d..9b14cb2ec693 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -443,14 +443,14 @@ void update_srbds_msr(void)
if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
return;
- if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED)
+ if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED ||
+ srbds_mitigation == SRBDS_MITIGATION_TSX_OFF)
return;
rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
switch (srbds_mitigation) {
case SRBDS_MITIGATION_OFF:
- case SRBDS_MITIGATION_TSX_OFF:
mcu_ctrl |= RNGDS_MITG_DIS;
break;
case SRBDS_MITIGATION_FULL:
--
2.25.1
Powered by blists - more mailing lists