lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 11 Apr 2024 22:43:22 +0800
From: Xi Ruoyao <xry111@...111.site>
To: Dave Hansen <dave.hansen@...ux.intel.com>,
	Michael Kelley <mhklinux@...look.com>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Cc: Andy Lutomirski <luto@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	"H. Peter Anvin" <hpa@...or.com>,
	x86@...nel.org,
	linux-kernel@...r.kernel.org,
	Xi Ruoyao <xry111@...111.site>,
	Sean Christopherson <seanjc@...gle.com>,
	Andrew Cooper <andrew.cooper3@...rix.com>
Subject: [PATCH v7 2/2] x86/mm: Don't disable INVLPG if the kernel is running on a hypervisor

The Intel erratum for "incomplete Global INVLPG flushes" says:

    This erratum does not apply in VMX non-root operation. It applies
    only when PCIDs are enabled and either in VMX root operation or
    outside VMX operation.

So if the kernel is running in a hypervisor, we are in VMX non-root
operation and we should be safe to use INVLPG.

Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Michael Kelley <mhklinux@...look.com>
Cc: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Cc: Sean Christopherson <seanjc@...gle.com>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>
Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@tip-bot2/
Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13
Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24
Signed-off-by: Xi Ruoyao <xry111@...111.site>
---
 arch/x86/mm/init.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index c318cdc35467..e69d227ea123 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -296,7 +296,14 @@ static void setup_pcid(void)
 
 	invlpg_miss_match = x86_match_cpu(invlpg_miss_ids);
 
-	if (invlpg_miss_match &&
+	/*
+	 * The Intel errata claims: "this erratum does not apply in VMX
+	 * non-root operation.  It applies only when PCIDs are enabled
+	 * and either in VMX root operation or outside VMX operation."
+	 * So we are safe if we are surely running in a hypervisor.
+	 */
+	if (!boot_cpu_has(X86_FEATURE_HYPERVISOR) &&
+	    invlpg_miss_match &&
 	    boot_cpu_data.microcode < invlpg_miss_match->driver_data) {
 		pr_info("Incomplete global flushes, disabling PCID");
 		setup_clear_cpu_cap(X86_FEATURE_PCID);
-- 
2.44.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ