lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aA34I9rY1-1QQo0R@gmail.com>
Date: Sun, 27 Apr 2025 11:25:55 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Arnd Bergmann <arnd@...nel.org>
Cc: "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
	"Ahmed S . Darwish" <darwi@...utronix.de>,
	Andrew Cooper <andrew.cooper3@...rix.com>,
	Ard Biesheuvel <ardb@...nel.org>, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	John Ogness <john.ogness@...utronix.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 13/15] x86/cpu: Make CONFIG_X86_CX8 unconditional


* Arnd Bergmann <arnd@...nel.org> wrote:

> On Fri, Apr 25, 2025, at 17:15, H. Peter Anvin wrote:
> > On April 25, 2025 5:10:27 AM PDT, Arnd Bergmann <arnd@...nel.org> wrote:
> >>
> >>I just noticed this one: the final 'default "4"' is no longer possible
> >>here and can be removed. All the remaining CPUs report family "5" or
> >>higher.
> >>
> >>There is an old issue for some rare CPUs (Geode LX and Crusoe) that
> >>support CMOV but report family=6. These to boot a kernel with X86_MINIMUM_CPU_FAMILY=6 because it triggers the boot time check.
> >>
> >
> > They report family=5 because family=6 implies fcomi and nopl support 
> > (in the case of Crusoe, they have fcomi but didn't support movl.)
> 
> Ah right, I see now. I had only checked that the kernel itself
> no longer uses nopl after your ba0593bf553c ("x86: completely
> disable NOPL on 32 bits"), and I had seen that Debian intentionally
> builds 32-bit i686 kernels with CONFIG_MGEODEGX1.
> 
> I now found that both Debian 12 and gcc 11 changed their definition
> if 686 to actually require nopl for Indirect branch tracking 
> (-fcf-protection) in user space, as discussed in
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104713
> 
> So even if it makes sense for GeodeLX specific kernel to use CMOV,
> any general-purpose i686 distro would still want to enable IBT
> in userspace to gain IBT on Tiger Lake and newer 64-bit CPUs.

And the kernel Debian 12 uses is a "686" one:

  ./pool/main/l/linux-signed-i386/linux-image-6.1.0-32-686_6.1.129-1_i386.deb
  ./pool/main/l/linux-signed-i386/linux-image-686_6.1.129-1_i386.deb

and the kernel is set to CONFIG_MGEODE_LX=y:

  $ grep CONFIG_MGEODE_LX ./boot/config-6.1.0-32-686
  CONFIG_MGEODE_LX=y

... which CPU has CMOV support:

  config X86_CMOV
        def_bool y
        depends on (MK7 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || MATOM || MGEODE_LX || X86_64)                                                                                                                                                                                                                                           ^^^^^^^^^
So I'd argue that the kernel's x86-32 CPU support cutoff should match 
the i386 CPU support cutoff of the Debian i386 installer.

Survey of other distros:

 - Fedora dropped x86-32 with Fedora 31, almost 5 years ago.

 - Ubuntu dropped x86-32 after 18 LTS, more than 5 years ago. The LTS 
   kernel is v5.6 based.

 - Arch Linux dropped i686 support even earlier than that, the 
   spin-off-community project of archlinux32.org has 486 and 686 
   variants. 686 variant includes CMOV.

 - Gentoo has an 'x86' variant with 486 and 686 stages. 686 stage 
   includes CMOV.

Ie. I think we can also make CMOV a hard requirement, and keep support 
for all family 5 CPUs that have CMOV and have a chance to boot current 
32-bit distros. Even distros that had 486 builds have 686 variants that 
should still work.

I.e. remove support for M586MMX, M586TSC, MCYRIXIII, MGEODEGX1 and MK6 
as well, these don't have CMOV support and won't even boot i386 Debian 
12.

Summary, the plan would be to remove support for the following pre-CMOV 
CPUs (the ones not yet in this series are marked 'NEW'):

  M486
  M486SX
  M586
  M586MMX         # NEW
  M586TSC         # NEW
  MCYRIXIII       # NEW
  MELAN
  MGEODEGX1       # NEW
  MK6             # NEW
  MWINCHIP3D
  MWINCHIPC6

And to keep these:

  M686
  MATOM
  MCRUSOE
  MEFFICEON
  MGEODE_LX
  MK7
  MPENTIUM4
  MPENTIUMII
  MPENTIUMIII
  MPENTIUMM
  MVIAC3_2
  MVIAC7

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ