| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240329065742.fc5of75e776y2g4b@desk>
Date: Thu, 28 Mar 2024 23:57:42 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: "Chang S. Bae" <chang.seok.bae@...el.com>
Cc: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
dm-devel@...hat.com, ebiggers@...nel.org, luto@...nel.org,
dave.hansen@...ux.intel.com, tglx@...utronix.de, bp@...en8.de,
mingo@...nel.org, x86@...nel.org, herbert@...dor.apana.org.au,
ardb@...nel.org, elliott@....com, dan.j.williams@...el.com,
bernie.keany@...el.com, charishma1.gairuboyina@...el.com,
Dave Hansen <dave.hansen@...el.com>
Subject: Re: [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling
mitigation
On Thu, Mar 28, 2024 at 06:53:42PM -0700, Chang S. Bae wrote:
> +/*
> + * The mitigation is implemented at a microcode level. Ensure that the
> + * microcode update is applied and the mitigation is locked.
> + */
> +static bool __init have_gds_mitigation(void)
> +{
> + u64 mcu_ctrl;
> +
> + /* GDS_CTRL is set if new microcode is loaded. */
> + if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL))
> + goto vulnerable;
> +
> + /* If GDS_MITG_LOCKED is set, GDS_MITG_DIS is forced to 0. */
> + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
> + if (mcu_ctrl & GDS_MITG_LOCKED)
> + return true;
Similar to RFDS, above checks can be simplified to:
if (gds_mitigation == GDS_MITIGATION_FULL_LOCKED)
return true;
> +
> +vulnerable:
> + pr_warn("x86/keylocker: Susceptible to the GDS vulnerability.\n");
> + return false;
> +}
Powered by blists - more mailing lists