lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221128230219.urqiol42rikdhy2u@desk>
Date:   Mon, 28 Nov 2022 15:02:19 -0800
From:   Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Breno Leitao <leitao@...ian.org>, tglx@...utronix.de,
        mingo@...hat.com, dave.hansen@...ux.intel.com, hpa@...or.com,
        jpoimboe@...nel.org, peterz@...radead.org, x86@...nel.org,
        cascardo@...onical.com, leit@...a.com, kexec@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/bugs: Explicitly clear speculative MSR bits

On Mon, Nov 28, 2022 at 11:40:19PM +0100, Borislav Petkov wrote:
>On Mon, Nov 28, 2022 at 02:03:58PM -0800, Pawan Gupta wrote:
>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>> index 3e3230cccaa7..cfc2ed2661fc 100644
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -66,7 +66,7 @@ static DEFINE_MUTEX(spec_ctrl_mutex);
>>   */
>>  void write_spec_ctrl_current(u64 val, bool force)
>>  {
>> -	if (this_cpu_read(x86_spec_ctrl_current) == val)
>> +	if (!force && this_cpu_read(x86_spec_ctrl_current) == val)
>>  		return;
>>  	this_cpu_write(x86_spec_ctrl_current, val);
>
>Still looks hacky to me.
>
>I think it would be a lot cleaner if MSR_IA32_SPEC_CTRL gets cleaned of
>the speculation bits in init_speculation_control() which gets run on
>*every* CPU.
>
>So by the time check_bugs() gets to setup stuff, the MSR will be ready
>to go regardless.
>
>I.e., something like this (not supposed to work - just to show what I
>mean):
>
>diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>index 73cc546e024d..367732c92942 100644
>--- a/arch/x86/kernel/cpu/common.c
>+++ b/arch/x86/kernel/cpu/common.c
>@@ -993,9 +993,19 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
> 	 * Intel CPUs, for finer-grained selection of what's available.
> 	 */
> 	if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
>+		u64 msr;
>+
> 		set_cpu_cap(c, X86_FEATURE_IBRS);
> 		set_cpu_cap(c, X86_FEATURE_IBPB);
> 		set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
>+
>+		/*
>+		 * Clear speculation control settings from a previous kernel
>+		 * run, i.e., kexec.
>+		 */
>+		rdmsrl(MSR_IA32_SPEC_CTRL, msr);
>+		if (msr & SPEC_CTRL_MASK)
>+			wrmsr (MSR_IA32_SPEC_CTRL, msr & ~SPEC_CTRL_MASK);

Yes thats a cleaner approach, except that the late microcode load will
ruin the MSR:

microcode_reload_late()
   microcode_check()
     get_cpu_cap()
       init_speculation_control()

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ