lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240327032403.llcp3rj4glf7if75@desk>
Date: Tue, 26 Mar 2024 20:24:03 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Xi Ruoyao <xry111@...111.site>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
	Michael Kelley <mhklinux@...look.com>,
	Andy Lutomirski <luto@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] x86/mm: Don't disable INVLPG if "incomplete Global
 INVLPG flushes" is fixed by microcode

On Wed, Mar 27, 2024 at 12:30:27AM +0800, Xi Ruoyao wrote:
> Per the "Processor Specification Update" documentations referred by the
> intel-microcode-20240312 release note, this microcode release has fixed
> the issue for all affected models.
> 
> So don't disable INVLPG if the microcode is new enough.  The precise
> minimum microcode revision fixing the issue is provided by engineer from
> Intel.
> 
> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/
> Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
> Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13
> Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24
> Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/
> Reviewed-by: Michael Kelley <mhklinux@...look.com>
> Signed-off-by: Xi Ruoyao <xry111@...111.site>
> ---
>  arch/x86/mm/init.c | 39 +++++++++++++++++++++++++++------------
>  1 file changed, 27 insertions(+), 12 deletions(-)
> 
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index 679893ea5e68..475b2d728acc 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -261,33 +261,48 @@ static void __init probe_page_size_mask(void)
>  	}
>  }
>  
> -#define INTEL_MATCH(_model) { .vendor  = X86_VENDOR_INTEL,	\
> -			      .family  = 6,			\
> -			      .model = _model,			\
> -			    }
> +#define INTEL_MATCH(_model, _fixed_microcode)	\
> +	{					\
> +	  .vendor	= X86_VENDOR_INTEL,	\
> +	  .family	= 6,			\
> +	  .model	= _model,		\
> +	  .driver_data	= _fixed_microcode,	\
> +	}
> +
>  /*
>   * INVLPG may not properly flush Global entries
> - * on these CPUs when PCIDs are enabled.
> + * on these CPUs when PCIDs are enabled and the
> + * microcode is not updated to fix the issue.
>   */
>  static const struct x86_cpu_id invlpg_miss_ids[] = {
> -	INTEL_MATCH(INTEL_FAM6_ALDERLAKE   ),
> -	INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ),
> -	INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT ),
> -	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE  ),
> -	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P),
> -	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S),
> +	INTEL_MATCH(INTEL_FAM6_ALDERLAKE,	0x2e),
> +	INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L,	0x42c),
> +	INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT,	0x11),
> +	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE,	0x118),
> +	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P,	0x4117),
> +	INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S,	0x2e),
>  	{}
>  };
>  
>  static void setup_pcid(void)
>  {
> +	const struct x86_cpu_id *invlpg_miss_match;
> +
>  	if (!IS_ENABLED(CONFIG_X86_64))
>  		return;
>  
>  	if (!boot_cpu_has(X86_FEATURE_PCID))
>  		return;
>  
> -	if (x86_match_cpu(invlpg_miss_ids)) {
> +	invlpg_miss_match = x86_match_cpu(invlpg_miss_ids);
> +
> +	/*
> +	 * The hypervisor may lie about the microcode revision, conservatively
> +	 * consider the microcode not updated.
> +	 */
> +	if (invlpg_miss_match &&
> +	    (boot_cpu_has(X86_FEATURE_HYPERVISOR) ||
> +	     invlpg_miss_match->driver_data > boot_cpu_data.microcode)) {

Nit, I think below reads better:

	     boot_cpu_data.microcode < invlpg_miss_match->driver_data)) {

>  		pr_info("Incomplete global flushes, disabling PCID");
>  		setup_clear_cpu_cap(X86_FEATURE_PCID);
>  		return;

Reviewed-by: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ