| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Nov 2022 15:02:19 -0800
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Breno Leitao <leitao@...ian.org>, tglx@...utronix.de,
mingo@...hat.com, dave.hansen@...ux.intel.com, hpa@...or.com,
jpoimboe@...nel.org, peterz@...radead.org, x86@...nel.org,
cascardo@...onical.com, leit@...a.com, kexec@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/bugs: Explicitly clear speculative MSR bits
On Mon, Nov 28, 2022 at 11:40:19PM +0100, Borislav Petkov wrote:
>On Mon, Nov 28, 2022 at 02:03:58PM -0800, Pawan Gupta wrote:
>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>> index 3e3230cccaa7..cfc2ed2661fc 100644
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -66,7 +66,7 @@ static DEFINE_MUTEX(spec_ctrl_mutex);
>> */
>> void write_spec_ctrl_current(u64 val, bool force)
>> {
>> - if (this_cpu_read(x86_spec_ctrl_current) == val)
>> + if (!force && this_cpu_read(x86_spec_ctrl_current) == val)
>> return;
>> this_cpu_write(x86_spec_ctrl_current, val);
>
>Still looks hacky to me.
>
>I think it would be a lot cleaner if MSR_IA32_SPEC_CTRL gets cleaned of
>the speculation bits in init_speculation_control() which gets run on
>*every* CPU.
>
>So by the time check_bugs() gets to setup stuff, the MSR will be ready
>to go regardless.
>
>I.e., something like this (not supposed to work - just to show what I
>mean):
>
>diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>index 73cc546e024d..367732c92942 100644
>--- a/arch/x86/kernel/cpu/common.c
>+++ b/arch/x86/kernel/cpu/common.c
>@@ -993,9 +993,19 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
> * Intel CPUs, for finer-grained selection of what's available.
> */
> if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
>+ u64 msr;
>+
> set_cpu_cap(c, X86_FEATURE_IBRS);
> set_cpu_cap(c, X86_FEATURE_IBPB);
> set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
>+
>+ /*
>+ * Clear speculation control settings from a previous kernel
>+ * run, i.e., kexec.
>+ */
>+ rdmsrl(MSR_IA32_SPEC_CTRL, msr);
>+ if (msr & SPEC_CTRL_MASK)
>+ wrmsr (MSR_IA32_SPEC_CTRL, msr & ~SPEC_CTRL_MASK);
Yes thats a cleaner approach, except that the late microcode load will
ruin the MSR:
microcode_reload_late()
microcode_check()
get_cpu_cap()
init_speculation_control()
Powered by blists - more mailing lists