lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <641393bd-c3d7-4bd0-a3c7-da600685be1b@zytor.com>
Date: Wed, 23 Jul 2025 07:08:43 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "Kirill A. Shutemov" <kas@...nel.org>,
        Alexander Potapenko <glider@...gle.com>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Xin Li <xin3.li@...el.com>,
        Sai Praneeth <sai.praneeth.prakhya@...el.com>,
        Jethro Beekman <jethro@...tanix.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Sean Christopherson <seanjc@...gle.com>,
        Tony Luck <tony.luck@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
        "Mike Rapoport (IBM)" <rppt@...nel.org>, Kees Cook <kees@...nel.org>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        Yu-cheng Yu <yu-cheng.yu@...el.com>
Cc: stable@...r.kernel.org, Borislav Petkov <bp@...e.de>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86: Clear feature bits disabled at compile-time

On 2025-07-23 02:22, Maciej Wieczor-Retman wrote:
> 
>  arch/x86/kernel/cpu/common.c       | 12 ++++++++++++
>  arch/x86/tools/cpufeaturemasks.awk |  8 ++++++++
>  2 files changed, 20 insertions(+)
> 
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 77afca95cced..ba8b5fba8552 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -1709,6 +1709,16 @@ static void __init cpu_parse_early_param(void)
>  	}
>  }
>  
> +static __init void init_cpu_cap(struct cpuinfo_x86 *c)
> +{
> +	int i;
> +
> +	for (i = 0; i < NCAPINTS; i++) {
> +		cpu_caps_set[i] = REQUIRED_MASK(i);
> +		cpu_caps_cleared[i] = DISABLED_MASK(i);
> +	}
> +}
> +

No... just use an static array initializer for cpu_caps_cleared[].  You
don't even need to add any code at all.

Ironically enough, I actually had those macros generated in the original
awk script version, but they weren't used.

And you MUST NOT initialize cpu_caps_set[].  What we *can* and probably
should do is, at the very end of the process, verify that the final mask
conforms to cpu_caps_set[] and print a nasty message and set the
TAINT_CPU_OUT_OF_SPEC flag:

	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK)

... but that is a separate patch, and doesn't need to be backported.

Xin send me a patch privately (attached) but it needs to have the
REQUIRED_MASK_INIT_VALUES part removed and made into a proper patch.

Xin didn't add an SoB on it, but you can use mine:

Signed-off-by: H. Peter Anvin (Intel) <hpa@...or.com>

	-hpa

View attachment "xin.patch" of type "text/x-patch" (6630 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ