| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YtCwpjeRVu4LVOyF@quatroqueijos>
Date: Thu, 14 Jul 2022 21:11:18 -0300
From: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
antonio.gomez.iglesias@...ux.intel.com,
Josh Poimboeuf <jpoimboe@...nel.org>
Subject: Re: [PATCH v2] x86/bugs: Warn when "ibrs" mitigation is selected on
Enhanced IBRS parts
On Thu, Jul 14, 2022 at 04:15:35PM -0700, Pawan Gupta wrote:
> IBRS mitigation for spectre_v2 forces write to MSR_IA32_SPEC_CTRL at
> every kernel entry/exit. On Enhanced IBRS parts setting
> MSR_IA32_SPEC_CTRL[IBRS] only once at boot is sufficient. MSR writes at
> every kernel entry/exit incur unnecessary performance loss.
>
> When Enhanced IBRS feature is present, print a warning about this
> unnecessary performance loss.
>
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Reviewed-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
> ---
> v1->v2: Instead of changing the mitigation, print a warning about the
> perf loss.
>
> v1: https://lore.kernel.org/lkml/0456b35fb9ef957d9a9138e0913fb1a3fd445dff.1657747493.git.pawan.kumar.gupta@linux.intel.com/
>
> arch/x86/kernel/cpu/bugs.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 0dd04713434b..1c54fad3c54b 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -975,6 +975,7 @@ static inline const char *spectre_v2_module_string(void) { return ""; }
> #define SPECTRE_V2_LFENCE_MSG "WARNING: LFENCE mitigation is not recommended for this CPU, data leaks possible!\n"
> #define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"
> #define SPECTRE_V2_EIBRS_LFENCE_EBPF_SMT_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS+LFENCE mitigation and SMT, data leaks possible via Spectre v2 BHB attacks!\n"
> +#define SPECTRE_V2_IBRS_PERF_MSG "WARNING: IBRS mitigation selected on Enhanced IBRS CPU, this may cause unnecessary performance loss\n"
>
> #ifdef CONFIG_BPF_SYSCALL
> void unpriv_ebpf_notify(int new_state)
> @@ -1415,6 +1416,8 @@ static void __init spectre_v2_select_mitigation(void)
>
> case SPECTRE_V2_IBRS:
> setup_force_cpu_cap(X86_FEATURE_KERNEL_IBRS);
> + if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED))
> + pr_warn(SPECTRE_V2_IBRS_PERF_MSG);
> break;
>
> case SPECTRE_V2_LFENCE:
>
> base-commit: 4a57a8400075bc5287c5c877702c68aeae2a033d
> --
> 2.35.3
>
>
Powered by blists - more mailing lists