| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <98b2d56f-767f-4074-a9f2-4d993880e2a5@suse.com>
Date: Wed, 10 Jul 2024 21:53:59 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: "Xin Li (Intel)" <xin@...or.com>, linux-kernel@...r.kernel.org
Cc: hpa@...or.com, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, peterz@...radead.org,
andrew.cooper3@...rix.com, houwenlong.hwl@...group.com
Subject: Re: [PATCH v2 1/3] x86/fred: Parse cmdline param "fred=" in
cpu_parse_early_param()
On 9.07.24 г. 18:40 ч., Xin Li (Intel) wrote:
> Depending on whether FRED will be used, sysvec_install() installs
> a system interrupt handler into FRED system vector dispatch table
> or IDT. However FRED can be disabled later in trap_init(), after
> sysvec_install() is called. E.g., the HYPERVISOR_CALLBACK_VECTOR
> handler is registered with sysvec_install() in kvm_guest_init(),
> which is called in setup_arch() but way before trap_init(). IOW,
> there is a gap between FRED is available and available but disabled.
> As a result, when FRED is available but disabled, its IDT handler
> is not installed thus spurious_interrupt() will be invoked.
>
> Fix it by parsing cmdline param "fred=" in cpu_parse_early_param()
> to minimize the gap between FRED is available and available but
> disabled.
>
> Fixes: 3810da12710a ("x86/fred: Add a fred= cmdline param")
> Reported-by: Hou Wenlong <houwenlong.hwl@...group.com>
> Suggested-by: Thomas Gleixner <tglx@...utronix.de>
> Signed-off-by: Xin Li (Intel) <xin@...or.com>
> ---
>
> Change since v1:
> * Use strncmp() instead of strcmp().
> ---
> arch/x86/kernel/cpu/common.c | 5 +++++
> arch/x86/kernel/traps.c | 26 --------------------------
> 2 files changed, 5 insertions(+), 26 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index d4e539d4e158..10a5402d8297 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -1510,6 +1510,11 @@ static void __init cpu_parse_early_param(void)
> if (cmdline_find_option_bool(boot_command_line, "nousershstk"))
> setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
>
> + /* Minimize the gap between FRED is available and available but disabled. */
> + arglen = cmdline_find_option(boot_command_line, "fred", arg, sizeof(arg));
> + if (arglen != 2 || strncmp(arg, "on", 2))
I'm confused why you keep perverting the calling convention of
cmdline_find_option. The doc clearly states:
* Returns the position of that @option (starts counting with 1)
* or 0 on not found. @option will only be found if it is found
* as an entire word in @cmdline. For instance, if @option="car"
* then a cmdline which contains "cart" will not match.
You should only care if arglen is non 0, which if it is you check if its
value equal 'on', why bother with its starting position?
> + setup_clear_cpu_cap(X86_FEATURE_FRED);
> +
> arglen = cmdline_find_option(boot_command_line, "clearcpuid", arg, sizeof(arg));
> if (arglen <= 0)
> return;
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index 4fa0b17e5043..6afb41e6cbbb 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -1402,34 +1402,8 @@ DEFINE_IDTENTRY_SW(iret_error)
> }
> #endif
>
> -/* Do not enable FRED by default yet. */
> -static bool enable_fred __ro_after_init = false;
> -
> -#ifdef CONFIG_X86_FRED
> -static int __init fred_setup(char *str)
> -{
> - if (!str)
> - return -EINVAL;
> -
> - if (!cpu_feature_enabled(X86_FEATURE_FRED))
> - return 0;
> -
> - if (!strcmp(str, "on"))
> - enable_fred = true;
> - else if (!strcmp(str, "off"))
> - enable_fred = false;
> - else
> - pr_warn("invalid FRED option: 'fred=%s'\n", str);
> - return 0;
> -}
> -early_param("fred", fred_setup);
> -#endif
> -
> void __init trap_init(void)
> {
> - if (cpu_feature_enabled(X86_FEATURE_FRED) && !enable_fred)
> - setup_clear_cpu_cap(X86_FEATURE_FRED);
> -
> /* Init cpu_entry_area before IST entries are set up */
> setup_cpu_entry_areas();
>
Powered by blists - more mailing lists