| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250724094554.2153919-1-maciej.wieczor-retman@intel.com>
Date: Thu, 24 Jul 2025 11:45:51 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Kyung Min Park <kyung.min.park@...el.com>,
Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>
Cc: xin3.li@...el.com,
maciej.wieczor-retman@...el.com,
Farrah Chen <farrah.chen@...el.com>,
stable@...r.kernel.org,
Borislav Petkov <bp@...e.de>,
linux-kernel@...r.kernel.org
Subject: [PATCH v3] x86: Clear feature bits disabled at compile-time
If some config options are disabled during compile time, they still are
enumerated in macros that use the x86_capability bitmask - cpu_has() or
this_cpu_has().
The features are also visible in /proc/cpuinfo even though they are not
enabled - which is contrary to what the documentation states about the
file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
split_lock_detect, user_shstk, avx_vnni and enqcmd.
Add a DISABLED_MASK_INITIALIZER() macro that creates an initializer list
filled with DISABLED_MASKx bitmasks.
Initialize the cpu_caps_cleared array with the autogenerated disabled
bitmask.
Fixes: ea4e3bef4c94 ("Documentation/x86: Add documentation for /proc/cpuinfo feature flags")
Reported-by: Farrah Chen <farrah.chen@...el.com>
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: <stable@...r.kernel.org>
---
Changelog v3:
- Remove Fixes: tags, keep only one at the point where the documentation
changed and promised feature bits wouldn't show up if they're not
enabled.
- Don't use a helper to initialize cpu_caps_cleared, just statically
initialize it.
- Remove changes to cpu_caps_set.
- Rewrite patch message to account for changes.
Changelog v2:
- Redo the patch to utilize a more generic solution, not just fix the
LAM and FRED feature bits.
- Note more feature flags that shouldn't be present.
- Add fixes and cc tags.
arch/x86/kernel/cpu/common.c | 3 ++-
arch/x86/tools/cpufeaturemasks.awk | 6 ++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 77afca95cced..061e91922725 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -704,7 +704,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c)
}
/* Aligned to unsigned long to avoid split lock in atomic bitmap ops */
-__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
+__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)) =
+ DISABLED_MASK_INIT_VALUES;
__u32 cpu_caps_set[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
#ifdef CONFIG_X86_32
diff --git a/arch/x86/tools/cpufeaturemasks.awk b/arch/x86/tools/cpufeaturemasks.awk
index 173d5bf2d999..6ebaa27f1275 100755
--- a/arch/x86/tools/cpufeaturemasks.awk
+++ b/arch/x86/tools/cpufeaturemasks.awk
@@ -84,5 +84,11 @@ END {
printf "\t) & (1U << ((x) & 31)))\n\n";
}
+ printf "\n#define DISABLED_MASK_INIT_VALUES\t\t\t\\";
+ printf "\n\t{\t\t\t\t\t\t\\";
+ for (i = 0; i < ncapints; i++)
+ printf "\n\t\tDISABLED_MASK%d,\t\t\t\\", i;
+ printf "\n\t}\n\n";
+
printf "#endif /* _ASM_X86_CPUFEATUREMASKS_H */\n";
}
--
2.49.0
Powered by blists - more mailing lists