| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Oct 2022 16:53:55 -0700
From: "Joseph, Jithu" <jithu.joseph@...el.com>
To: Sohil Mehta <sohil.mehta@...el.com>
CC: <tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>,
<dave.hansen@...ux.intel.com>, <x86@...nel.org>, <hpa@...or.com>,
<gregkh@...uxfoundation.org>, <ashok.raj@...el.com>,
<tony.luck@...el.com>, <linux-kernel@...r.kernel.org>,
<platform-driver-x86@...r.kernel.org>, <patches@...ts.linux.dev>,
<ravi.v.shankar@...el.com>, <thiago.macieira@...el.com>,
<athenas.jimenez.gonzalez@...el.com>, <markgross@...nel.org>,
<hdegoede@...hat.com>
Subject: Re: [PATCH 04/14] platform/x86/intel/ifs: Remove image loading during
init
On 10/24/2022 11:06 PM, Sohil Mehta wrote:
> On 10/24/2022 5:41 PM, Joseph, Jithu wrote:
>>>> diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c
>>>> index 27204e3d674d..5fb7f655c291 100644
>>>> --- a/drivers/platform/x86/intel/ifs/core.c
>>>> +++ b/drivers/platform/x86/intel/ifs/core.c
>>>> @@ -51,12 +51,8 @@ static int __init ifs_init(void)
>>>> ifs_device.misc.groups = ifs_get_groups();
>>>> if ((msrval & BIT(ifs_device.data.integrity_cap_bit)) &&
>>>
>>> Is there a reason to store the integrity cap constant in the device.data global structure?
>>>
>>> .data = {
>>> .integrity_cap_bit = MSR_INTEGRITY_CAPS_PERIODIC_BIST_BIT,
>>> },
>>
>> This was originally added so that, when future additional tests are supported by the driver, support can be checked using the same if ((msrval & BIT(ifs_device.data.integrity_cap_bit)
>> Different tests would have different integrity_cap_bit assigned in the ifs_device[] array (today it is just a single element and not an array
>>
>> Note that the current series doesn't introduce this
>>
>>
>
> Sorry, I am still not able to follow.
>
> Let's say you have an ifs_device[] array which has different integrity capabilities, there would still need to be some logic in the init code to differentiate between the resulting action that needs to be taken? Currently, the init function only registers the device. Maybe some example/code might be helpful to drive the point.
multiple devices will be created if support for more than one is advertised by MSR_INTEGRITY_CAPS as shown below
static int __init ifs_init(void)
{
....
if (rdmsrl_safe(MSR_INTEGRITY_CAPS, &msrval))
return -ENODEV;
for (i = 0; i < IFS_NUMTESTS; i++) {
if (!(msrval & BIT(ifs_devices[i].data.integrity_cap_bit)))
continue;
ifs_devices[i].misc.groups = ifs_get_groups();
if (!misc_register(&ifs_devices[i].misc)) {
ndevices++;
}
}
return ndevices ? 0 : -ENODEV;
}
At the handler side we can branch to the corresponding handler by looking at this bit
Say for e.g the following function in runtest.c could be extended to something like
int do_core_test(int cpu, struct device *dev)
{
struct ifs_data *ifsd = ifs_get_data(dev);
.....
switch (ifsd->integrity_cap_bit) {
case MSR_INTEGRITY_CAPS_PERIODIC_BIST_BIT:
ifs_test_core(cpu, dev);
break;
case MSR_INTEGRITY_CAPS_TEST2
ifs_do_test2(cpu, dev);
break;
case MSR_INTEGRITY_CAPS_TEST3
ifs_do_test3(cpu, dev);
break;
default:
return -EINVAL;
}
....
}
Jithu
Powered by blists - more mailing lists