| Message ID | 919b6370a908bb091779ec2eca7ca5e369d57847.1705631230.git.pawan.kumar.gupta@linux.intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:2bc4:b0:101:a8e8:374 with SMTP id hx4csp856450dyb;
Fri, 19 Jan 2024 00:01:22 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IE2sgq+Qu7hcA5n/2rz0UWoazLZfpfVR5Tmn20A7vPNSA5njAgPP1P1em6GQ66iRaDfGiWA
X-Received: by 2002:aa7:9f1a:0:b0:6db:1653:47a2 with SMTP id
g26-20020aa79f1a000000b006db165347a2mr1722242pfr.31.1705651282047;
Fri, 19 Jan 2024 00:01:22 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705651282; cv=pass;
d=google.com; s=arc-20160816;
b=ow98woK7U/u70NsZb2J0dxBbjJvqjg/7d2j0AIYDx0UAo5ukCFkQ9WsCvq23tUbhTp
CBKFyHXpDmT2CaWFrkwsO4D3PTOvfxJKxcs6XUyECXvo5uODZEyWnq/t6Y9NO88hoVlq
vPf7pKvNTm9o9+R3W79bJcOomNx7WifVyc0HhDAxfW5tEDPyEpja9YOm+oLRGVog4z7t
ycEAX7LPGHqH2s6G7Ac4p/SqB3Gsj0elnvqmD8PCDvCl0+cPcxEPAfFjDm5QclnJgIXy
1U6Sd8BSPL4MPsMNBbE2aJYNyPupGgVnbboIULtusxzi9ili1azJ4c1X2xefjM/OHSWB
wFQg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-disposition:mime-version:list-unsubscribe:list-subscribe
:list-id:precedence:message-id:subject:cc:to:from:date
:dkim-signature;
bh=J+LNpKtmgfFcvHiqSn/zbL53yGNGLZ9JCRPHqE7BYkU=;
fh=SJ+xCroZJxxjm7bbzWUu2KiKHoNlLGN+BwrfazK6mJU=;
b=h0CeK+oLWQF7g6uwKASPC5RkeqhcERnwxBK+Z0gF2smhp3Ie1rBuTiB5uSbdm9+elR
RumthjmQGBmuf1fjWcgGVzqKuPex/GIak4efh5IjAbyqhrZrcHUDIN+ZOK3kvKIiU6zZ
m2bbzyB1KsBbYhxJswjna5ZBk727dAfEuAKkmjhD9Tew3qRTsbNr7OzKRAVD5qybjAfi
20ePEisYvUOr+sKgrB0ITUPNvBxbvYMSbctcsoQfeUe3Es7oGoCY1Nirlk0mMfPUuwiv
szAdlWO1ZZXH/EY7nCEeyWmSNG50WhdXvoWTYPiYrZri/k4TfcY4SBBUgVITmckTYhrw
anaw==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=OVOe6Ok9;
arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass
fromdomain=linux.intel.com);
spf=pass (google.com: domain of
linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
by mx.google.com with ESMTPS id
c7-20020a654207000000b005c67bb15866si2910637pgq.52.2024.01.19.00.01.21
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 19 Jan 2024 00:01:22 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=OVOe6Ok9;
arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass
fromdomain=linux.intel.com);
spf=pass (google.com: domain of
linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org designates
139.178.88.99 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-30705-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sv.mirrors.kernel.org (Postfix) with ESMTPS id 21A5728548C
for <ouuuleilei@gmail.com>; Fri, 19 Jan 2024 02:36:10 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id D9A7D20FD;
Fri, 19 Jan 2024 02:35:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
header.b="OVOe6Ok9"
Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id CEFF81362
for <linux-kernel@vger.kernel.org>; Fri, 19 Jan 2024 02:35:54 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=134.134.136.100
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1705631757; cv=none;
b=qRGXSKeqNc3eSkfW3g0qCt6hQ8y0ZVGYHHbmlfvaP3EV/zRMtZYxQX0bFZ/xShWn+3O+cOESmuCnKnLnvNqsY4H1DtGCC3tMzDU+RVzZsD9xpBY5t0bW59Qi03i2jlGinpKaKycyB8wU48RTir8Hu8WtG5NA5SezYhF80SxjIkg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1705631757; c=relaxed/simple;
bh=FWdvLRIjZQjdEsuLa7S5VAS5JZs8laiq1LL6yRWxQOA=;
h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:
Content-Disposition;
b=pPWvdbyj4tmbdNMVE2rOSVmrPcmyKH1/mMxWgajdYTaKeJqoVeXanRaJyp/LKI2PYFrWSewTkIKLpNM8mkKzrBhHZdifgQLcJ4Q0CUNxiXyOM4Psi8CysQz5Ncuwo67tn4Y7GfGq3/Uu3UOi3RPNfd2kFkfmfjs5KwbL5wfk2jk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linux.intel.com;
spf=none smtp.mailfrom=linux.intel.com;
dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
header.b=OVOe6Ok9; arc=none smtp.client-ip=134.134.136.100
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1705631754; x=1737167754;
h=date:from:to:cc:subject:message-id:mime-version;
bh=FWdvLRIjZQjdEsuLa7S5VAS5JZs8laiq1LL6yRWxQOA=;
b=OVOe6Ok9vdfeOswGcJg0deVrXdfyTj23qqjTfx9Nqjo+ljzwNdC/EYCW
dZ8RsGYIiJdlraFoP1C5bTN7qK4romV6CRA+SElFvgo3CvEaCGKmKC7Hr
Jg010uTUC/Wtq09LoEgzChLmIbuQ5eIdJgBd+KYvtmXZum/3a+WQGKd+M
Yg4hk9RUatcKHWhwD+vfeshLRQdIKhWL4q5PWAGmfhFresVf/UxurWyHp
/bAKDQYT3ty8lCq8jj33wwUOGFQ4FaWMlISkTKgkYBzU6ry896Mzrk3yl
6k8BtYQh+vFs8BlnJ1SDfHzdxTCtzBCtO8gelZGnhCNChcdDpwo+WNxfz
Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10956"; a="467015121"
X-IronPort-AV: E=Sophos;i="6.05,203,1701158400";
d="scan'208";a="467015121"
Received: from orviesa003.jf.intel.com ([10.64.159.143])
by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
18 Jan 2024 18:35:48 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.05,203,1701158400";
d="scan'208";a="499769"
Received: from pialybar-mobl2.amr.corp.intel.com (HELO desk) ([10.209.49.165])
by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
18 Jan 2024 18:35:49 -0800
Date: Thu, 18 Jan 2024 18:35:47 -0800
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>, linux-kernel@vger.kernel.org,
kirill.shutemov@linux.intel.com, daniel.sneddon@linux.intel.com,
antonio.gomez.iglesias@linux.intel.com, rick.p.edgecombe@intel.com,
sohil.mehta@intel.com, alexander.shishkin@intel.com
Subject: [PATCH] x86/lam: Disable ADDRESS_MASKING in most cases
Message-ID:
<919b6370a908bb091779ec2eca7ca5e369d57847.1705631230.git.pawan.kumar.gupta@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1788502724669175596
X-GMAIL-MSGID: 1788504998604517524
|
| Series |
x86/lam: Disable ADDRESS_MASKING in most cases
|
|
Commit Message
Pawan Gupta
Jan. 19, 2024, 2:35 a.m. UTC
Intel feature Linear Address Masking (LAM) has a weakness related to
transient execution as described in the SLAM paper[1]. Unless Linear
Address Space Separation (LASS) is enabled this weakness may be
exploitable.
Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST,
or when speculation mitigations have been disabled at compile time,
otherwise keep LAM disabled.
[1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf
[2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/
Cc: stable@vger.kernel.org # v6.4+
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
arch/x86/Kconfig | 1 +
1 file changed, 1 insertion(+)
base-commit: 0dd3ee31125508cd67f7e7172247f05b7fd1753a
Comments
On Fri, Jan 19, 2024 at 07:58:28AM +0300, kirill.shutemov@linux.intel.com wrote: > On Thu, Jan 18, 2024 at 06:35:47PM -0800, Pawan Gupta wrote: > > Intel feature Linear Address Masking (LAM) has a weakness related to > > transient execution as described in the SLAM paper[1]. Unless Linear > > Address Space Separation (LASS) is enabled this weakness may be > > exploitable. > > > > Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST, > > or when speculation mitigations have been disabled at compile time, > > otherwise keep LAM disabled. > > > > It worth adding that there's no HW on market that supports LAM, so nobody > affected by the issue. Right. > > [1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf > > [2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/ > > > > Cc: stable@vger.kernel.org # v6.4+ > > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > > Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Thanks.
On Fri, Jan 19, 2024 at 09:48:14AM -0800, Sohil Mehta wrote: > Hi Pawan, > > On 1/18/2024 6:35 PM, Pawan Gupta wrote: > > arch/x86/Kconfig | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 1566748f16c4..794517df8068 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -2270,6 +2270,7 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING > > config ADDRESS_MASKING > > bool "Linear Address Masking support" > > depends on X86_64 > > + depends on COMPILE_TEST || !SPECULATION_MITIGATIONS # wait for LASS > > I was wondering if the COMPILE_TEST dependency here is a bit redundant. > > Having ADDRESS_MASKING depend on just !SPECULATION_MITIGATIONS might be > enough to get the LAM code compile tested through various configurations. > > I don't have a strong preference here. Mainly looking to understand the > reasoning. Other than that the patch looks fine to me. The goal is to compile test it whenever possible. As SPECULATION_MITIGATIONS are ON by default, it wont get tested for most configuration.
Hi Pawan, On 1/18/2024 6:35 PM, Pawan Gupta wrote: > arch/x86/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 1566748f16c4..794517df8068 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -2270,6 +2270,7 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING > config ADDRESS_MASKING > bool "Linear Address Masking support" > depends on X86_64 > + depends on COMPILE_TEST || !SPECULATION_MITIGATIONS # wait for LASS I was wondering if the COMPILE_TEST dependency here is a bit redundant. Having ADDRESS_MASKING depend on just !SPECULATION_MITIGATIONS might be enough to get the LAM code compile tested through various configurations. I don't have a strong preference here. Mainly looking to understand the reasoning. Other than that the patch looks fine to me. Sohil > help > Linear Address Masking (LAM) modifies the checking that is applied > to 64-bit linear addresses, allowing software to use of the
On Fri, Jan 19, 2024 at 03:36:22PM -0800, Sohil Mehta wrote: > On 1/19/2024 8:21 AM, Pawan Gupta wrote: > > > The goal is to compile test it whenever possible. As > > SPECULATION_MITIGATIONS are ON by default, it wont get tested for most > > configuration. > > Sure, that would help increase the compile coverage. I wasn't sure how > much of a difference it would make. Anyways, the restriction is expected > to be short lived until LASS is available. True. > Please feel free to add: > Reviewed-by: Sohil Mehta <sohil.mehta@intel.com> Thanks
On 1/19/2024 8:21 AM, Pawan Gupta wrote: > The goal is to compile test it whenever possible. As > SPECULATION_MITIGATIONS are ON by default, it wont get tested for most > configuration. Sure, that would help increase the compile coverage. I wasn't sure how much of a difference it would make. Anyways, the restriction is expected to be short lived until LASS is available. Please feel free to add: Reviewed-by: Sohil Mehta <sohil.mehta@intel.com>
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1566748f16c4..794517df8068 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2270,6 +2270,7 @@ config RANDOMIZE_MEMORY_PHYSICAL_PADDING config ADDRESS_MASKING bool "Linear Address Masking support" depends on X86_64 + depends on COMPILE_TEST || !SPECULATION_MITIGATIONS # wait for LASS help Linear Address Masking (LAM) modifies the checking that is applied to 64-bit linear addresses, allowing software to use of the