| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240822202226.862398-1-sohil.mehta@intel.com>
Date: Thu, 22 Aug 2024 20:22:26 +0000
From: Sohil Mehta <sohil.mehta@...el.com>
To: x86@...nel.org,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>,
Uros Bizjak <ubizjak@...il.com>,
Sohil Mehta <sohil.mehta@...el.com>,
Sandipan Das <sandipan.das@....com>,
Sean Christopherson <seanjc@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Vegard Nossum <vegard.nossum@...cle.com>,
Tony Luck <tony.luck@...el.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Nikolay Borisov <nik.borisov@...e.com>,
Eric Biggers <ebiggers@...gle.com>,
Xin Li <xin3.li@...el.com>,
linux-kernel@...r.kernel.org
Subject: [RFC PATCH] x86/cpufeature: Add feature dependency checks
Currently, the cpuid-deps[] table is only exercised when a particular
feature gets explicitly disabled and clear_cpu_cap() is called. However,
some of these listed dependencies might already be missing during boot.
Unexpected failures can occur when the kernel tries to use such a
feature.
Therefore, add boot time checks for missing feature dependencies and
disable any feature whose dependencies are not met.
Signed-off-by: Sohil Mehta <sohil.mehta@...el.com>
---
Arguably, this situation should only happen on broken hardware and it may not
make sense to add such a check to the kernel. OTOH, this can be viewed as a
safety mechanism to make failures more graceful on such configurations in real
or virtual environments.
I feel since we already have the cpuid-deps[] table and the incremental changes
are small, this patch might be a useful addition.
Also, if this check seems worthwhile, would it be useful to combine and rewrite
it with filter_cpuid_features() since it tries to do something similar?
---
arch/x86/include/asm/cpufeature.h | 1 +
arch/x86/kernel/cpu/common.c | 4 ++++
arch/x86/kernel/cpu/cpuid-deps.c | 10 ++++++++++
3 files changed, 15 insertions(+)
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 0b9611da6c53..347ef04f65ef 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -148,6 +148,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
extern void setup_clear_cpu_cap(unsigned int bit);
extern void clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit);
+extern void filter_feature_dependencies(struct cpuinfo_x86 *c);
#define setup_force_cpu_cap(bit) do { \
\
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index d4e539d4e158..6b725dbd8db7 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1602,6 +1602,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
c->cpu_index = 0;
filter_cpuid_features(c, false);
+ filter_feature_dependencies(c);
if (this_cpu->c_bsp_init)
this_cpu->c_bsp_init(c);
@@ -1854,6 +1855,9 @@ static void identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
+ /* Filter out features that don't have their dependencies met */
+ filter_feature_dependencies(c);
+
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
index b7d9f530ae16..88b34a97278a 100644
--- a/arch/x86/kernel/cpu/cpuid-deps.c
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -147,3 +147,13 @@ void setup_clear_cpu_cap(unsigned int feature)
{
do_clear_cpu_cap(NULL, feature);
}
+
+void filter_feature_dependencies(struct cpuinfo_x86 *c)
+{
+ const struct cpuid_dep *d;
+
+ for (d = cpuid_deps; d->feature; d++) {
+ if (boot_cpu_has(d->feature) && !boot_cpu_has(d->depends))
+ do_clear_cpu_cap(c, d->feature);
+ }
+}
--
2.34.1
Powered by blists - more mailing lists