Message-ID: <13af1f0e-f9ca-4e68-b582-f9be83453d89@intel.com>
Date: Tue, 1 Jul 2025 15:51:01 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Andy Lutomirski
	<luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
	<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
	<dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin"
	<hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Ard Biesheuvel
	<ardb@...nel.org>, "Paul E. McKenney" <paulmck@...nel.org>, Josh Poimboeuf
	<jpoimboe@...nel.org>, Xiongwei Song <xiongwei.song@...driver.com>, Xin Li
	<xin3.li@...el.com>, "Mike Rapoport (IBM)" <rppt@...nel.org>, Brijesh Singh
	<brijesh.singh@....com>, Michael Roth <michael.roth@....com>, Tony Luck
	<tony.luck@...el.com>, Alexey Kardashevskiy <aik@....com>, Alexander Shishkin
	<alexander.shishkin@...ux.intel.com>
CC: Jonathan Corbet <corbet@....net>, Ingo Molnar <mingo@...nel.org>, "Pawan
 Gupta" <pawan.kumar.gupta@...ux.intel.com>, Daniel Sneddon
	<daniel.sneddon@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, "Sandipan
 Das" <sandipan.das@....com>, Breno Leitao <leitao@...ian.org>, Rick Edgecombe
	<rick.p.edgecombe@...el.com>, Alexei Starovoitov <ast@...nel.org>, Hou Tao
	<houtao1@...wei.com>, Juergen Gross <jgross@...e.com>, Vegard Nossum
	<vegard.nossum@...cle.com>, Kees Cook <kees@...nel.org>, Eric Biggers
	<ebiggers@...gle.com>, Jason Gunthorpe <jgg@...pe.ca>, "Masami Hiramatsu
 (Google)" <mhiramat@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>,
	Luis Chamberlain <mcgrof@...nel.org>, Yuntao Wang <ytcoode@...il.com>,
	"Rasmus Villemoes" <linux@...musvillemoes.dk>, Christophe Leroy
	<christophe.leroy@...roup.eu>, Tejun Heo <tj@...nel.org>, Changbin Du
	<changbin.du@...wei.com>, Huang Shijie <shijie@...amperecomputing.com>,
	"Geert Uytterhoeven" <geert+renesas@...der.be>, Namhyung Kim
	<namhyung@...nel.org>, Arnaldo Carvalho de Melo <acme@...hat.com>,
	<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<linux-efi@...r.kernel.org>, <linux-mm@...ck.org>
Subject: Re: [PATCHv8 11/17] x86/cpu: Set LASS CR4 bit as pinning sensitive

On 7/1/2025 2:58 AM, Kirill A. Shutemov wrote:
> From: Yian Chen <yian.chen@...el.com>
> 
> Security features such as LASS are not expected to be disabled once
> initialized. Add LASS to the CR4 pinned mask.
> 
> Signed-off-by: Yian Chen <yian.chen@...el.com>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> Reviewed-by: Tony Luck <tony.luck@...el.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> ---
>  arch/x86/kernel/cpu/common.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 

I think this CR4 pinning change can be merged with the other CR pinning
related patch (#4). At a minimum, this should be placed close to that
patch to make logical sense.

1) Add LASS to the CR4 pinned mask
2) Defer CR pinning since it would cause XYZ issue.

Or the other way around. Anyway,

Reviewed-by: Sohil Mehta <sohil.mehta@...el.com>

> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 9918121e0adc..1552c7510380 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -403,7 +403,8 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c)
>  
>  /* These bits should not change their value after CPU init is finished. */
>  static const unsigned long cr4_pinned_mask = X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |
> -					     X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED;
> +					     X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED |
> +					     X86_CR4_LASS;
>  static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning);
>  static unsigned long cr4_pinned_bits __ro_after_init;
>  
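Review bot: The changelog for the `X86_CR4_LASS` addition to `cr4_pinned_mask` does not say how this change depends on the rest of the series. The comment above the mask states that these bits "should not change their value after CPU init is finished", so once LASS is in the mask, any path that still has to clear CR4.LASS after that point conflicts with pinning. The reply above points at the CR pinning patch (#4) as closely related. Suggest stating in the commit message which patch this one relies on and why the ordering is safe, or folding the two together as proposed, so that the one-line mask change can be reviewed and bisected on its own.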

