| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Mar 2024 20:24:03 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Xi Ruoyao <xry111@...111.site>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
Michael Kelley <mhklinux@...look.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] x86/mm: Don't disable INVLPG if "incomplete Global
INVLPG flushes" is fixed by microcode
On Wed, Mar 27, 2024 at 12:30:27AM +0800, Xi Ruoyao wrote:
> Per the "Processor Specification Update" documentations referred by the
> intel-microcode-20240312 release note, this microcode release has fixed
> the issue for all affected models.
>
> So don't disable INVLPG if the microcode is new enough. The precise
> minimum microcode revision fixing the issue is provided by engineer from
> Intel.
>
> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/
> Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
> Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13
> Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24
> Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/
> Reviewed-by: Michael Kelley <mhklinux@...look.com>
> Signed-off-by: Xi Ruoyao <xry111@...111.site>
> ---
> arch/x86/mm/init.c | 39 +++++++++++++++++++++++++++------------
> 1 file changed, 27 insertions(+), 12 deletions(-)
>
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index 679893ea5e68..475b2d728acc 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -261,33 +261,48 @@ static void __init probe_page_size_mask(void)
> }
> }
>
> -#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \
> - .family = 6, \
> - .model = _model, \
> - }
> +#define INTEL_MATCH(_model, _fixed_microcode) \
> + { \
> + .vendor = X86_VENDOR_INTEL, \
> + .family = 6, \
> + .model = _model, \
> + .driver_data = _fixed_microcode, \
> + }
> +
> /*
> * INVLPG may not properly flush Global entries
> - * on these CPUs when PCIDs are enabled.
> + * on these CPUs when PCIDs are enabled and the
> + * microcode is not updated to fix the issue.
> */
> static const struct x86_cpu_id invlpg_miss_ids[] = {
> - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ),
> - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ),
> - INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT ),
> - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ),
> - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P),
> - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S),
> + INTEL_MATCH(INTEL_FAM6_ALDERLAKE, 0x2e),
> + INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L, 0x42c),
> + INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT, 0x11),
> + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE, 0x118),
> + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P, 0x4117),
> + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S, 0x2e),
> {}
> };
>
> static void setup_pcid(void)
> {
> + const struct x86_cpu_id *invlpg_miss_match;
> +
> if (!IS_ENABLED(CONFIG_X86_64))
> return;
>
> if (!boot_cpu_has(X86_FEATURE_PCID))
> return;
>
> - if (x86_match_cpu(invlpg_miss_ids)) {
> + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids);
> +
> + /*
> + * The hypervisor may lie about the microcode revision, conservatively
> + * consider the microcode not updated.
> + */
> + if (invlpg_miss_match &&
> + (boot_cpu_has(X86_FEATURE_HYPERVISOR) ||
> + invlpg_miss_match->driver_data > boot_cpu_data.microcode)) {
Nit, I think below reads better:
boot_cpu_data.microcode < invlpg_miss_match->driver_data)) {
> pr_info("Incomplete global flushes, disabling PCID");
> setup_clear_cpu_cap(X86_FEATURE_PCID);
> return;
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Powered by blists - more mailing lists