lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z8DIbMcUWEQYlL5w@gmail.com>
Date: Thu, 27 Feb 2025 21:17:48 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Sohil Mehta <sohil.mehta@...el.com>
Cc: x86@...nel.org, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H . Peter Anvin" <hpa@...or.com>, Uros Bizjak <ubizjak@...il.com>,
	Sandipan Das <sandipan.das@....com>,
	Sean Christopherson <seanjc@...gle.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Vegard Nossum <vegard.nossum@...cle.com>,
	Tony Luck <tony.luck@...el.com>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Nikolay Borisov <nik.borisov@...e.com>,
	Eric Biggers <ebiggers@...gle.com>, Xin Li <xin3.li@...el.com>,
	Alexander Shishkin <alexander.shishkin@...el.com>,
	Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] x86/cpufeature: Add feature dependency checks


* Sohil Mehta <sohil.mehta@...el.com> wrote:

> On 2/27/2025 10:46 AM, Ingo Molnar wrote:
> 
> >> +void filter_feature_dependencies(struct cpuinfo_x86 *c)
> >> +{
> >> +	char feature_buf[16], depends_buf[16];
> >> +	const struct cpuid_dep *d;
> >> +
> >> +	for (d = cpuid_deps; d->feature; d++) {
> >> +		if (cpu_has(c, d->feature) && !cpu_has(c, d->depends)) {
> >> +			pr_info("CPU%d: Disabling feature %s due to missing feature %s\n",
> >> +				smp_processor_id(),
> >> +				x86_feature_name(d->feature, feature_buf),
> >> +				x86_feature_name(d->depends, depends_buf));
> >> +			do_clear_cpu_cap(c, d->feature);
> >> +		}
> >> +	}
> > 
> > So let's not disable any CPU features actively for the time being, how 
> > about issuing a pr_warn() only about the dependency violation?
> > 
> > I think the main problem is when these problems slip through 100% 
> > unnoticed.
> > 
> 
> I guess you are right. Highlighting the issue is the main part. Beyond
> that we can leave the system behavior as-is for now.
> 
> Most of the listed dependencies seem to be spec-driven, though the
> kernel might create arbitrary dependencies for security reasons such as
> making LAM depend on LASS[1]. I think those can probably be handled on a
> case by case basis during specific feature enabling.
> 
> For the new pr_warn(), I am considering printing it only once per
> feature instead of printing it on every CPU (which could be 100s).

Yeah.

> But that would mean tracking it in a global feature_warn bitmap.
> 
> 	DECLARE_BITMAP(feature_warn, MAX_FEATURE_BITS);
> 
> Another option would be run the scan only on the BSP. But that could
> cause some issues to be missed[2].

Just use pr_warn_once().

Yes, this might cause subsequent CPU feature dependency problems to 
stay unreported, but the hope here is that these are rare and get 
fixed, right?

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ