* [MODERATED] [patch 00/11] SSB v2
@ 2018-04-20  2:25 konrad.wilk
  2018-04-20  2:44 ` [MODERATED] " Konrad Rzeszutek Wilk
                   ` (2 more replies)
  0 siblings, 3 replies; 13+ messages in thread
From: konrad.wilk @ 2018-04-20  2:25 UTC (permalink / raw)
  To: speck

Since v1.4:
 - Picked up Jon's patches
 - Reworked per reviews
v1.3:
 - Fixed the bug where IBRS was enabled when going in the kernel.
 - Untangled two patches.

 
Couple of things:

 - No AMD MSR support written in KVM to trap if guest wants to disable
   memory disambiguation.

 - Hadn't been tested on AMD.

 - It is based on v4.16 as I figured this would need to go to stable
   trees so may as well make it less dependent on upstream patches?

 - I added the XXXSuggested-by so that quilt wouldn't pick it up.

 Documentation/admin-guide/kernel-parameters.txt |  42 +++++
 arch/x86/include/asm/cpufeatures.h              |   2 +
 arch/x86/include/asm/msr-index.h                |   1 +
 arch/x86/include/asm/nospec-branch.h            |  26 +++-
 arch/x86/include/asm/processor.h                |   1 +
 arch/x86/kernel/cpu/amd.c                       |  42 +++++
 arch/x86/kernel/cpu/bugs.c                      | 198 ++++++++++++++++++++++--
 arch/x86/kernel/cpu/common.c                    |  43 +++--
 arch/x86/kernel/cpu/cpu.h                       |   1 +
 arch/x86/kernel/cpu/intel.c                     |   9 ++
 arch/x86/kvm/cpuid.c                            |   2 +-
 arch/x86/kvm/svm.c                              |   6 +-
 arch/x86/kvm/vmx.c                              |  14 +-
 drivers/base/cpu.c                              |   8 +
 include/linux/cpu.h                             |   2 +
 15 files changed, 360 insertions(+), 37 deletions(-)
Konrad Rzeszutek Wilk (10):
      Linux Patch #1
      Linux Patch #2
      Linux Patch #3
      Linux Patch #4
      Linux Patch #5
      Linux Patch #6
      Linux Patch #7
      Linux Patch #8
      Linux Patch #9
      Linux Patch #10


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-20  2:25 [MODERATED] [patch 00/11] SSB v2 konrad.wilk
@ 2018-04-20  2:44 ` Konrad Rzeszutek Wilk
  2018-04-20  2:53 ` Jon Masters
  2018-04-22 10:01 ` Jon Masters
  2 siblings, 0 replies; 13+ messages in thread
From: Konrad Rzeszutek Wilk @ 2018-04-20  2:44 UTC (permalink / raw)
  To: speck

On Thu, Apr 19, 2018 at 10:25:40PM -0400, speck for konrad.wilk_at_oracle.com wrote:
> Since v1.4:
>  - Picked up Jon's patches
>  - Reworked per reviews
> v1.3:
>  - Fixed the bug where IBRS was enabled when going in the kernel.
>  - Untangled two patches.

.. and resent the old (v1.3.1) by mistake first.

Sorry about that - fat fingered the formail command in the wrong directory.

Please review this (v2) patchset.
> 
>  
> Couple of things:
> 
>  - No AMD MSR support written in KVM to trap if guest wants to disable
>    memory disambiguation.
> 
>  - Hadn't been tested on AMD.
> 
>  - It is based on v4.16 as I figured this would need to go to stable
>    trees so may as well make it less dependent on upstream patches?
> 
>  - I added the XXXSuggested-by so that quilt wouldn't pick it up.
> 
>  Documentation/admin-guide/kernel-parameters.txt |  42 +++++
>  arch/x86/include/asm/cpufeatures.h              |   2 +
>  arch/x86/include/asm/msr-index.h                |   1 +
>  arch/x86/include/asm/nospec-branch.h            |  26 +++-
>  arch/x86/include/asm/processor.h                |   1 +
>  arch/x86/kernel/cpu/amd.c                       |  42 +++++
>  arch/x86/kernel/cpu/bugs.c                      | 198 ++++++++++++++++++++++--
>  arch/x86/kernel/cpu/common.c                    |  43 +++--
>  arch/x86/kernel/cpu/cpu.h                       |   1 +
>  arch/x86/kernel/cpu/intel.c                     |   9 ++
>  arch/x86/kvm/cpuid.c                            |   2 +-
>  arch/x86/kvm/svm.c                              |   6 +-
>  arch/x86/kvm/vmx.c                              |  14 +-
>  drivers/base/cpu.c                              |   8 +
>  include/linux/cpu.h                             |   2 +
>  15 files changed, 360 insertions(+), 37 deletions(-)
> Konrad Rzeszutek Wilk (10):
>       Linux Patch #1
>       Linux Patch #2
>       Linux Patch #3
>       Linux Patch #4
>       Linux Patch #5
>       Linux Patch #6
>       Linux Patch #7
>       Linux Patch #8
>       Linux Patch #9
>       Linux Patch #10
> 


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-20  2:25 [MODERATED] [patch 00/11] SSB v2 konrad.wilk
  2018-04-20  2:44 ` [MODERATED] " Konrad Rzeszutek Wilk
@ 2018-04-20  2:53 ` Jon Masters
  2018-04-20  3:15   ` Jon Masters
  2018-04-20  6:00   ` Jon Masters
  2018-04-22 10:01 ` Jon Masters
  2 siblings, 2 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-20  2:53 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 1061 bytes --]

On 04/19/2018 10:25 PM, speck for konrad.wilk_at_oracle.com wrote:

> Since v1.4:
>  - Picked up Jon's patches
>  - Reworked per reviews

Thanks. I like these very much. I will test them shortly, on both
Coffeelake and EPYC. I've heard Intel will have client SKL ucode
available imminently so should be able to cut over to this laptop, which
will make testing a bit easier, including for the VM case.

Also, how are you sending the patch series via GPG? Does quilt support
this natively? (git send-email does not do so). Or do you have your own
sendmail binary that calls gnupg? I looked earlier for a suitable tool
that could properly serve as an smtp proxy for git send-email and found
GNU anubis, which is a broken PoS that doesn't use gpg-agent correctly,
has lousy key management, and no error handling. I was half way through
fixing it being too proud to ask you what you're using...but that's
silly. So tell me if you've a better tool and I'll look at that ;)

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop



* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-20  2:53 ` Jon Masters
@ 2018-04-20  3:15   ` Jon Masters
  2018-04-20  6:00   ` Jon Masters
  1 sibling, 0 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-20  3:15 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 1318 bytes --]

On 04/19/2018 10:53 PM, Jon Masters wrote:
> On 04/19/2018 10:25 PM, speck for konrad.wilk_at_oracle.com wrote:
> 
>> Since v1.4:
>>  - Picked up Jon's patches
>>  - Reworked per reviews
> 
> Thanks. I like these very much. I will test them shortly, on both
> Coffeelake and EPYC. I've heard Intel will have client SKL ucode
> available imminently so should be able to cut over to this laptop, which
> will make testing a bit easier, including for the VM case.
> 
> Also, how are you sending the patch series via GPG? Does quilt support
> this natively? (git send-email does not do so). Or do you have your own
> sendmail binary that calls gnupg? I looked earlier for a suitable tool
> that could properly serve as an smtp proxy for git send-email and found
> GNU anubis, which is a broken PoS that doesn't use gpg-agent correctly,
> has lousy key management, and no error handling. I was half way through
> fixing it being too proud to ask you what you're using...but that's
> silly. So tell me if you've a better tool and I'll look at that ;)

Ah, thanks for the info (via chat). I think I missed those other scripts
of Thomas's. I'll probably still fix up anubis or some other generic
tool for the next time around.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop



* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-20  2:53 ` Jon Masters
  2018-04-20  3:15   ` Jon Masters
@ 2018-04-20  6:00   ` Jon Masters
  1 sibling, 0 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-20  6:00 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 837 bytes --]

On 04/19/2018 10:53 PM, speck for Jon Masters wrote:
> On 04/19/2018 10:25 PM, speck for konrad.wilk_at_oracle.com wrote:
> 
>> Since v1.4:
>>  - Picked up Jon's patches
>>  - Reworked per reviews
> 
> Thanks. I like these very much. I will test them shortly, on both
> Coffeelake and EPYC. I've heard Intel will have client SKL ucode
> available imminently so should be able to cut over to this laptop, which
> will make testing a bit easier, including for the VM case.

I have now tested these on coffeelake, confirming manually with the
"rdmsr" userspace utility that the SPEC_CTRL MSR was set correctly or
not set correctly according to the various command line ssbd options.

Will do some EPYC testing and some VM testing over the weekend.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop



* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-20  2:25 [MODERATED] [patch 00/11] SSB v2 konrad.wilk
  2018-04-20  2:44 ` [MODERATED] " Konrad Rzeszutek Wilk
  2018-04-20  2:53 ` Jon Masters
@ 2018-04-22 10:01 ` Jon Masters
  2018-04-22 10:10   ` Jon Masters
  2018-04-23 16:25   ` Tim Chen
  2 siblings, 2 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-22 10:01 UTC (permalink / raw)
  To: speck


[-- Attachment #1.1: Type: text/plain, Size: 2358 bytes --]

Hi Konrad,

I've tried sending a series with a bunch of suggestions, but it's
sitting on my server waiting for linutronix to greylist me ;) So until
that timeout, or in case it doesn't, here's the mbox. This is mostly for
Konrad's benefit. It's got what I thought we were asked to do for
patches 1-7 with the exception of the slight cosmetic goto in #5.

Jon.

On 04/19/2018 10:25 PM, speck for konrad.wilk_at_oracle.com wrote:
> Since v1.4:
>  - Picked up Jon's patches
>  - Reworked per review's
> v1.3:
>  - Fixed the bug where IBRS was enabled when going in the kernel.
>  - Untangled two patches.
> 
>  
> Couple of things:
> 
>  - No AMD MSR support written in KVM to trap if guest wants to disable
>    memory disambiguation.
> 
>  - Hadn't been tested on AMD.
> 
>  - It is based on v4.16 as I figured this would need to go to stable
>    trees so may as well make it less dependent on upstream patches?
> 
>  - I added the XXXSuggested-by so that quilt wouldn't pick it up.
> 
>  Documentation/admin-guide/kernel-parameters.txt |  42 +++++
>  arch/x86/include/asm/cpufeatures.h              |   2 +
>  arch/x86/include/asm/msr-index.h                |   1 +
>  arch/x86/include/asm/nospec-branch.h            |  26 +++-
>  arch/x86/include/asm/processor.h                |   1 +
>  arch/x86/kernel/cpu/amd.c                       |  42 +++++
>  arch/x86/kernel/cpu/bugs.c                      | 198 ++++++++++++++++++++++--
>  arch/x86/kernel/cpu/common.c                    |  43 +++--
>  arch/x86/kernel/cpu/cpu.h                       |   1 +
>  arch/x86/kernel/cpu/intel.c                     |   9 ++
>  arch/x86/kvm/cpuid.c                            |   2 +-
>  arch/x86/kvm/svm.c                              |   6 +-
>  arch/x86/kvm/vmx.c                              |  14 +-
>  drivers/base/cpu.c                              |   8 +
>  include/linux/cpu.h                             |   2 +
>  15 files changed, 360 insertions(+), 37 deletions(-)
> Konrad Rzeszutek Wilk (10):
>       Linux Patch #1
>       Linux Patch #2
>       Linux Patch #3
>       Linux Patch #4
>       Linux Patch #5
>       Linux Patch #6
>       Linux Patch #7
>       Linux Patch #8
>       Linux Patch #9
>       Linux Patch #10
> 


-- 
Computer Architect | Sent from my Fedora powered laptop

[-- Attachment #1.2: sbb.v2.1-stripped-no-cc.mbox --]
[-- Type: application/mbox, Size: 34183 bytes --]


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-22 10:01 ` Jon Masters
@ 2018-04-22 10:10   ` Jon Masters
  2018-04-23 16:25   ` Tim Chen
  1 sibling, 0 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-22 10:10 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 621 bytes --]

On 04/22/2018 06:01 AM, speck for Jon Masters wrote:

> I've tried sending a series with a bunch of suggestions, but it's
> sitting on my server waiting for linutronix to greylist me ;) So until
> that timeout, or in case it doesn't, here's the mbox. This is mostly for
> Konrad's benefit. It's got what I thought we were asked to do for
> patches 1-7 with the exception of the slight cosmetic goto in #5.

Oh, and also tested on Coffeelake with all combinations of boot param
and manually verifying the MSR values. VM testing later on.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop



* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-22 10:01 ` Jon Masters
  2018-04-22 10:10   ` Jon Masters
@ 2018-04-23 16:25   ` Tim Chen
  2018-04-23 16:30     ` Konrad Rzeszutek Wilk
  2018-04-23 17:09     ` Jon Masters
  1 sibling, 2 replies; 13+ messages in thread
From: Tim Chen @ 2018-04-23 16:25 UTC (permalink / raw)
  To: speck


[-- Attachment #1.1: Type: text/plain, Size: 71 bytes --]

Please send me Thomas's tool and this patch series.

Thanks.

Tim


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-23 16:25   ` Tim Chen
@ 2018-04-23 16:30     ` Konrad Rzeszutek Wilk
  2018-04-23 17:09     ` Jon Masters
  1 sibling, 0 replies; 13+ messages in thread
From: Konrad Rzeszutek Wilk @ 2018-04-23 16:30 UTC (permalink / raw)
  To: speck

On Mon, Apr 23, 2018 at 09:25:05AM -0700, speck for Tim Chen wrote:
> Please send me Thomas's tool and this patch series.

You are a bit behind - I will send you the new one which is called
spec_store_bypass_disable now :-)

> 
> Thanks.
> 
> Tim


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-23 16:25   ` Tim Chen
  2018-04-23 16:30     ` Konrad Rzeszutek Wilk
@ 2018-04-23 17:09     ` Jon Masters
  2018-04-24 17:02       ` Peter Zijlstra
  1 sibling, 1 reply; 13+ messages in thread
From: Jon Masters @ 2018-04-23 17:09 UTC (permalink / raw)
  To: speck


[-- Attachment #1.1: Type: text/plain, Size: 644 bytes --]

On 04/23/2018 12:25 PM, speck for Tim Chen wrote:
> Please send me Thomas's tool and this patch series.

Here's Thomas's tool, along with the workflow that Konrad suggested for
how to plumb it together - it's what I used to send my update having at
first not known about Thomas's scripts and gone down a path hacking my
own (I strongly recommend everyone avoid GNU anubis btw...it's awful).

A reminder that the scripts won't sanitize subjects. I got caught up
with that one, so we should obfuscate those in the patch series (Konrad
uses "Linux patch #1" etc.).

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop

[-- Attachment #1.2: speckify-mbox --]
[-- Type: text/plain, Size: 1983 bytes --]

#!/usr/bin/python
# SPDX-License-Identifier: GPL2.0
# Copyright Thomas Gleixner <tglx@linutronix.de>
#
# Encrypts all mails in a mbox file and stores the encrypted result in a
# new mbox. Does not work for multipart mails. Only text.plain is supported
# right now. That's good enough to encrypt quilt generated mboxes
#
from argparse import ArgumentParser
import email
import mailbox
import sys
import gpg

# FIXME
mlist = "speck@linutronix.de"
mlistfp = "D52795F28E26A1554E7CD269E23205468C060A6A"

parser = ArgumentParser(description='Crypt a mbox for sending to speck')
parser.add_argument('infile', metavar='infile', help='Filename of input mbox')
parser.add_argument('outfile', metavar='outfile', help='Filename of output mbox')

# Does not work yet, as I have no idea how to get the key fingerprint w/o hard coding it again
parser.add_argument('--self', '-s', dest='crypt_to_self', action='store_true', help='Crypt to self')

args = parser.parse_args()

ibx = mailbox.mbox(args.infile, None, False)
obx = mailbox.mbox(args.outfile, None, True)

if len(obx) > 0:
    sys.stderr.write("Output mbox %s exists and not empty\n" %args.outfile)
    sys.exit(1)

for key, msg in ibx.iteritems():

    # Refuse anything that is not addressed to the list alone
    to = msg.get("To")
    if to != mlist:
        sys.stderr.write("To: %s != %s\n" %(to, mlist))
        sys.exit(1)

    if msg.get_content_type() != 'text/plain':
        sys.stderr.write("Content-type %s != text/plain\n" %msg.get_content_type())
        sys.exit(1)

    if "Cc" in msg:
        sys.stderr.write("Cc: %s not empty. Removing\n" %(msg["Cc"]))
        # Assigning msg["Cc"] would append a second header; delete it instead
        del msg["Cc"]

    content = msg.get_payload().encode()
    try:
        ctx = gpg.Context(armor = True)
        # Encrypt the body to the list key; headers (Subject included) stay in clear
        rcpt = ctx.get_key(mlistfp)
        cipher, res, signres = ctx.encrypt(content, [rcpt], sign = False, always_trust = True)
        msg.set_payload(cipher.decode())
        obx.add(msg)
    except Exception as ex:
        sys.stderr.write("Encryption failed %s\n" %ex)
        sys.exit(1)

ibx.close()
obx.close()

[-- Attachment #1.3: workflow.sh --]
[-- Type: application/x-shellscript, Size: 555 bytes --]


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-23 17:09     ` Jon Masters
@ 2018-04-24 17:02       ` Peter Zijlstra
  2018-04-24 18:00         ` Thomas Gleixner
  0 siblings, 1 reply; 13+ messages in thread
From: Peter Zijlstra @ 2018-04-24 17:02 UTC (permalink / raw)
  To: speck

On Mon, Apr 23, 2018 at 01:09:05PM -0400, speck for Jon Masters wrote:
> On 04/23/2018 12:25 PM, speck for Tim Chen wrote:
> > Please send me Thomas's tool and this patch series.
> 
> Here's Thomas's tool, along with the workflow that Konrad suggested for
> how to plumb it together - it's what I used to send my update having at
> first not known about Thomas's scripts and gone down a path hacking my
> own (I strongly recommend everyone avoid GNU anubis btw...it's awful).
> 
> A reminder that the scripts won't sanitize subjects. I got caught up
> with that one, so we should obfuscate those in the patch series (Konrad
> uses "Linux patch #1" etc.).

I noticed that the patch series sent to this list are not properly
threaded and suspect this script has something to do with it.


* Re: [patch 00/11] SSB v2
  2018-04-24 17:02       ` Peter Zijlstra
@ 2018-04-24 18:00         ` Thomas Gleixner
  2018-04-24 18:17           ` [MODERATED] " Jon Masters
  0 siblings, 1 reply; 13+ messages in thread
From: Thomas Gleixner @ 2018-04-24 18:00 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 2491 bytes --]

On Tue, 24 Apr 2018, speck for Peter Zijlstra wrote:

> On Mon, Apr 23, 2018 at 01:09:05PM -0400, speck for Jon Masters wrote:
> > On 04/23/2018 12:25 PM, speck for Tim Chen wrote:
> > > Please send me Thomas's tool and this patch series.
> > 
> > Here's Thomas's tool, along with the workflow that Konrad suggested for
> > how to plumb it together - it's what I used to send my update having at
> > first not known about Thomas's scripts and gone down a path hacking my
> > own (I strongly recommend everyone avoid GNU anubis btw...it's awful).
> > 
> > A reminder that the scripts won't sanitize subjects. I got caught up
> > with that one, so we should obfuscate those in the patch series (Konrad
> > uses "Linux patch #1" etc.).
> 
> I noticed that the patch series sent to this list are not properly
> threaded and suspect this script has something to do with it.

It shouldn't if the mbox which you feed into it is properly threaded. The
way I tested it is:

# quilt mail --mbox mbox --sender $ME --from $ME --to speck@linutronix.de

That creates a properly threaded mbox

# speckify-mbox mbox cbox

That does:

  - Remove all Cc's from the mails
  - Crypt the content

and leaves everything else alone. So with the mbox I used for testing I
have:

Message-Id: <20180412185007.126296694@linutronix.de>
Subject: [patch 0/3] test gpg

Message-Id: <20180412185034.693831411@linutronix.de>
Subject: [patch 1/3] percpu-vector-support
References: <20180412185007.126296694@linutronix.de>

Message-Id: <20180412185034.779834051@linutronix.de>
Subject: [patch 2/3] hack
References: <20180412185007.126296694@linutronix.de>

Message-Id: <20180412185034.861634730@linutronix.de>
Subject: [patch 3/3] debug
References: <20180412185007.126296694@linutronix.de>

and cbox has:

Message-Id: <20180412185007.126296694@linutronix.de>
Subject: [patch 0/3] test gpg

Message-Id: <20180412185034.693831411@linutronix.de>
Subject: [patch 1/3] percpu-vector-support
References: <20180412185007.126296694@linutronix.de>

Message-Id: <20180412185034.779834051@linutronix.de>
Subject: [patch 2/3] hack
References: <20180412185007.126296694@linutronix.de>

Message-Id: <20180412185034.861634730@linutronix.de>
Subject: [patch 3/3] debug
References: <20180412185007.126296694@linutronix.de>

which is the same ...

The ML recryption does not touch the message id and references either, so I
don't know what went wrong.

Script attached once more for those who were not on list when I posted it.

Thanks,

	tglx



[-- Attachment #2: Type: text/plain, Size: 2051 bytes --]

#!/usr/bin/env python
# SPDX-License-Identifier: GPL2.0
# Copyright Thomas Gleixner <tglx@linutronix.de>
#
# Encrypts all mails in a mbox file and stores the encrypted result in a
# new mbox. Does not work for multipart mails. Only text.plain is supported
# right now. That's good enough to encrypt quilt generated mboxes
#
from argparse import ArgumentParser
import email
import mailbox
import sys
import gpg

# FIXME
mlist = "speck@linutronix.de"
mlistfp = "D52795F28E26A1554E7CD269E23205468C060A6A"

parser = ArgumentParser(description='Crypt a mbox for sending to speck')
parser.add_argument('infile', metavar='infile', help='Filename of input mbox')
parser.add_argument('outfile', metavar='outfile', help='Filename of output mbox')

# Does not work yet, as I have no idea how to get the key fingerprint w/o hard coding it again
# parser.add_argument('--self', '-s', dest='crypt_to_self', action='store_true', help='Crypt to self')

args = parser.parse_args()

ibx = mailbox.mbox(args.infile, None, False)
obx = mailbox.mbox(args.outfile, None, True)

if len(obx) > 0:
    sys.stderr.write("Output mbox %s exists and not empty\n" %args.outfile)
    sys.exit(1)

for key, msg in ibx.iteritems():

    # Refuse anything that is not addressed to the list alone
    to = msg.get("To")
    if to != mlist:
        sys.stderr.write("To: %s != %s\n" %(to, mlist))
        sys.exit(1)

    if msg.get_content_type() != 'text/plain':
        sys.stderr.write("Content-type %s != text/plain\n" %msg.get_content_type())
        sys.exit(1)

    if "Cc" in msg:
        sys.stderr.write("Cc: %s not empty. Removing\n" %(msg["Cc"]))
        # Assigning msg["Cc"] would append a second header; delete it instead
        del msg["Cc"]

    content = msg.get_payload().encode()
    try:
        ctx = gpg.Context(armor = True)
        # Encrypt the body to the list key; headers (Subject included) stay in clear
        rcpt = ctx.get_key(mlistfp)
        cipher, res, signres = ctx.encrypt(content, [rcpt], sign = False, always_trust = True)
        msg.set_payload(cipher.decode())
        obx.add(msg)
    except Exception as ex:
        sys.stderr.write("Encryption failed %s\n" %ex)
        sys.exit(1)

ibx.close()
obx.close()
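
The mbox-versus-cbox header comparison described above, together with the reminder that subjects are not sanitized, as an added example that is not part of the original thread or of Thomas's script: it audits an encrypted mbox against its plaintext source for changed threading headers, leftover Cc, unencrypted bodies and descriptive subjects. The neutral-subject pattern, the function names and the sample messages are assumptions constructed for illustration.

```python
import mailbox
import os
import re
import tempfile
from email.message import Message

THREAD_HEADERS = ("Message-Id", "References", "In-Reply-To")
# Assumption: a neutral subject is "[patch n/m] Linux Patch #k", the
# placeholder style mentioned in this thread.
NEUTRAL_SUBJECT = re.compile(r"^\[patch \d+/\d+\] Linux Patch #\d+$", re.I)
ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"


def load(path):
    """Return all messages of an existing mbox as a list."""
    box = mailbox.mbox(path, create=False)
    try:
        return list(box)
    finally:
        box.close()


def audit(plain_path, crypt_path):
    """Compare a plaintext mbox with its encrypted counterpart.

    Returns (message_index, finding) tuples; an empty list means clean."""
    plain, crypt = load(plain_path), load(crypt_path)
    if len(plain) != len(crypt):
        return [(-1, "message count %d != %d" % (len(plain), len(crypt)))]
    findings = []
    for i, (p, c) in enumerate(zip(plain, crypt)):
        for name in THREAD_HEADERS:
            if p.get_all(name) != c.get_all(name):
                findings.append((i, "%s changed" % name))
        if any(v.strip() for v in c.get_all("Cc", [])):
            findings.append((i, "Cc still present"))
        if not str(c.get_payload()).lstrip().startswith(ARMOR_BEGIN):
            findings.append((i, "body not PGP armored"))
        if not NEUTRAL_SUBJECT.match(c.get("Subject", "")):
            findings.append((i, "subject in clear"))
    return findings


def write_sample(path, rows):
    """Write constructed sample messages (mid, refs, cc, subject, body)."""
    box = mailbox.mbox(path, create=True)
    for mid, refs, cc, subject, body in rows:
        m = Message()
        m["From"], m["To"] = "dev@example.invalid", "list@example.invalid"
        m["Message-Id"], m["Subject"] = mid, subject
        if refs:
            m["References"] = refs
        if cc:
            m["Cc"] = cc
        m.set_payload(body)
        box.add(m)
    box.close()


def demo():
    """Audit a constructed 3-mail series against a deliberately flawed copy."""
    armored = ARMOR_BEGIN + "\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"
    c0, p1, p2 = "<c0@example.invalid>", "<p1@example.invalid>", "<p2@example.invalid>"
    neutral = "[patch %d/2] Linux Patch #%d"
    clear = "[patch 2/2] x86/bugs: descriptive title"
    with tempfile.TemporaryDirectory() as d:
        mbox, cbox = os.path.join(d, "mbox"), os.path.join(d, "cbox")
        write_sample(mbox, [(c0, None, None, neutral % (0, 0), "cover\n"),
                            (p1, c0, None, neutral % (1, 1), "diff 1\n"),
                            (p2, c0, None, clear, "diff 2\n")])
        write_sample(cbox, [(c0, None, None, neutral % (0, 0), armored),
                            (p1, None, None, neutral % (1, 1), armored),  # References lost
                            (p2, c0, "cc@example.invalid", clear, armored)])
        return audit(mbox, cbox)


if __name__ == "__main__":
    for index, finding in demo():
        print("message %d: %s" % (index, finding))
```
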


* [MODERATED] Re: [patch 00/11] SSB v2
  2018-04-24 18:00         ` Thomas Gleixner
@ 2018-04-24 18:17           ` Jon Masters
  0 siblings, 0 replies; 13+ messages in thread
From: Jon Masters @ 2018-04-24 18:17 UTC (permalink / raw)
  To: speck

[-- Attachment #1: Type: text/plain, Size: 826 bytes --]

On 04/24/2018 02:00 PM, speck for Thomas Gleixner wrote:

> The ML recryption does not touch the message id and references either, so I
> don't know what went wrong.

As I mentioned last week, I looked briefly (well, not so briefly) at GNU
anubis when I thought everyone was just using some standard tool I
didn't know about (then Konrad told me you had scripts). But it's a PoS,
and it even recommends you store your GPG password in plaintext in its
"super secret" (file permissions) config file...and it also f's up using
gpg-agent properly even when it tries to do that. I will put together an
SMTP proxy script when I get time. What I really want to do is just tell
git send-email to use a magic smtp-server. It'll probably be useful.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop

