lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 25 Jun 2024 09:30:41 -0700
From: Xin Li <xin@...or.com>
To: Thomas Gleixner <tglx@...utronix.de>,
        Hou Wenlong <houwenlong.hwl@...group.com>,
        linux-kernel@...r.kernel.org
Cc: Lai Jiangshan <jiangshan.ljs@...group.com>,
        Ingo Molnar
 <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, Xin Li <xin3.li@...el.com>,
        Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH 1/2] x86/fred: Always install system interrupt handler
 into IDT

On 6/25/2024 5:31 AM, Thomas Gleixner wrote:
> On Tue, Jun 25 2024 at 02:19, Xin Li wrote:
>> On 6/21/2024 6:12 AM, Hou Wenlong wrote:
>>> diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h
>>> index d4f24499b256..daee9f7765bc 100644
>>> --- a/arch/x86/include/asm/idtentry.h
>>> +++ b/arch/x86/include/asm/idtentry.h
>>> @@ -470,8 +470,7 @@ static inline void fred_install_sysvec(unsigned int vector, const idtentry_t fun
>>>    #define sysvec_install(vector, function) {				\
>>>    	if (cpu_feature_enabled(X86_FEATURE_FRED))			\
>>>    		fred_install_sysvec(vector, function);			\
>>> -	else								\
>>> -		idt_install_sysvec(vector, asm_##function);		\
>>
>> empty line, it improves readability.
>>
>> And please put a comment here to explain why this is unconditionally
>> done for IDT.
> 
> Wait. If we need this during early boot, then why don't we enable FRED
> earlier?

Unconditionally call idt_install_sysvec() is still needed, right?

But this sounds a smart move to me!  Because it helps to deal with not
only the initialization order issue, but also the following cases in a
longer term:

1) BIOS enables FRED and keeps it enabled when transferring control to
    Linux.  Then we just need to disable FRED when it is disabled in the
    kernel command line.

2) IDT support is removed from a kernel config thus a kernel binary, say
    a new kernel config CONFIG_X86_IDT is added and set to N.

And we need to:

1) Find a place to enable FRED as early as possible if not yet enabled.

2) Disable FRED when fred=off is in the kernel command line.

Anything I missed?

Thanks!
     Xin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ