| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7rugd7emqxsfq4jhfz47weezipfoskf43xslgzgwea2rvun7z6@3tdprstsluw4>
Date: Thu, 24 Jul 2025 12:13:25 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
<x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Kyung Min Park
<kyung.min.park@...el.com>, Ricardo Neri
<ricardo.neri-calderon@...ux.intel.com>, Tony Luck <tony.luck@...el.com>,
<xin3.li@...el.com>, Farrah Chen <farrah.chen@...el.com>,
<stable@...r.kernel.org>, Borislav Petkov <bp@...e.de>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] x86: Clear feature bits disabled at compile-time
Hello Greg,
I'd like to ask you for guidence on how to proceed with backporting this change
to the 5.10 stable kernel and newer ones.
I prepared a patch that is applicable on 5.10.240, and doesn't use the 6.14
disabled feature bit infrastructure - the disabled bitmask is simply open coded.
And as far as I tested the patch compiles and works in QEMU.
I wanted to ask if I should submit that patch to the stable ML separately? If
so, should I do it for 5.10 only or all the stable ones separately? (if they
have different lenghts of the disabled bitmask) Or do you prefer to backport it
/ apply it yourself?
I'm putting the backported patch both as attachment to this message for easier
downloading, and in text below to make commenting on it easier:
From 7dd94f58d28ac98dc39bebc8ce8479039bc069c8 Mon Sep 17 00:00:00 2001
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Date: Thu, 24 Jul 2025 08:34:33 +0200
Subject: [PATCH] x86: Clear feature bits disabled at compile time
If some config options are disabled during compile time, they still are
enumerated in macros that use the x86_capability bitmask - cpu_has() or
this_cpu_has().
The features are also visible in /proc/cpuinfo even though they are not
enabled - which is contrary to what the documentation states about the
file.
Mainline upstream kernel autogenerates the disabled masks at compile
time, but this infrastructure was introduced in the 6.14 kernel. To
backport this, open code the DISABLED_MASK_INITIALIZER macro instead.
Initialize the cpu_caps_cleared array with the disabled bitmask.
Fixes: ea4e3bef4c94 ("Documentation/x86: Add documentation for /proc/cpuinfo feature flags")
Reported-by: Farrah Chen <farrah.chen@...el.com>
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: <stable@...r.kernel.org>
---
arch/x86/include/asm/disabled-features.h | 26 ++++++++++++++++++++++++
arch/x86/kernel/cpu/common.c | 3 ++-
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index 170c87253340..a84e62cdae57 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -106,4 +106,30 @@
#define DISABLED_MASK21 0
#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 23)
+#define DISABLED_MASK_INITIALIZER \
+ { \
+ DISABLED_MASK0, \
+ DISABLED_MASK1, \
+ DISABLED_MASK2, \
+ DISABLED_MASK3, \
+ DISABLED_MASK4, \
+ DISABLED_MASK5, \
+ DISABLED_MASK6, \
+ DISABLED_MASK7, \
+ DISABLED_MASK8, \
+ DISABLED_MASK9, \
+ DISABLED_MASK10, \
+ DISABLED_MASK11, \
+ DISABLED_MASK12, \
+ DISABLED_MASK13, \
+ DISABLED_MASK14, \
+ DISABLED_MASK15, \
+ DISABLED_MASK16, \
+ DISABLED_MASK17, \
+ DISABLED_MASK18, \
+ DISABLED_MASK19, \
+ DISABLED_MASK20, \
+ DISABLED_MASK21, \
+ }
+
#endif /* _ASM_X86_DISABLED_FEATURES_H */
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 258e28933abe..a3c323acff5f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -588,7 +588,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c)
}
/* Aligned to unsigned long to avoid split lock in atomic bitmap ops */
-__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
+__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)) =
+ DISABLED_MASK_INITIALIZER;
__u32 cpu_caps_set[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
void load_percpu_segment(int cpu)
--
2.49.0
--
Kind regards
Maciej Wieczór-Retman
View attachment "v3-0001-x86-Clear-feature-bits-disabled-at-compile-time.patch" of type "text/plain" (2822 bytes)
Powered by blists - more mailing lists