lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 12 Apr 2024 10:23:49 -0700
From: Jithu Joseph <jithu.joseph@...el.com>
To: ilpo.jarvinen@...ux.intel.com,
	hdegoede@...hat.com,
	markgross@...nel.org
Cc: linux-kernel@...r.kernel.org,
	platform-driver-x86@...r.kernel.org,
	jithu.joseph@...el.com,
	ashok.raj@...el.com,
	tony.luck@...el.com,
	rostedt@...dmis.org,
	sathyanarayanan.kuppuswamy@...el.com,
	ravi.v.shankar@...el.com,
	patches@...ts.linux.dev
Subject: [PATCH 3/3] platform/x86/intel/ifs: Disable irq during one load stage

One of the stages in IFS image loading process involves loading individual
chunks (test patterns) from test image file to secure memory.

Driver issues a WRMSR(MSR_AUTHENTICATE_AND_COPY_CHUNK) operation to do
this. This operation can take up to 5 msec, and if an interrupt occurs
in between, the AUTH_AND_COPY_CHUNK u-code implementation aborts the
operation.

Interrupt sources such as NMI or SMI are handled by retrying. Regular
interrupts may occur frequently enough to prevent this operation from ever
completing. Disable irq on local cpu around the aforementioned WRMSR to
allow the operation to complete.

Signed-off-by: Jithu Joseph <jithu.joseph@...el.com>
Reviewed-by: Tony Luck <tony.luck@...el.com>
Reviewed-by: Ashok Raj <ashok.raj@...el.com>
---
 drivers/platform/x86/intel/ifs/load.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index 584c44387e10..39f19cb51749 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -233,7 +233,9 @@ static int copy_hashes_authenticate_chunks_gen2(struct device *dev)
 		chunk_table[0] = starting_chunk_nr + i;
 		chunk_table[1] = linear_addr;
 		do {
+			local_irq_disable();
 			wrmsrl(MSR_AUTHENTICATE_AND_COPY_CHUNK, (u64)chunk_table);
+			local_irq_enable();
 			rdmsrl(MSR_CHUNKS_AUTHENTICATION_STATUS, chunk_status.data);
 			err_code = chunk_status.error_code;
 		} while (err_code == AUTH_INTERRUPTED_ERROR && --retry_count);
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ