From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 05 Oct 2019 21:43:23 -0000 Received: from mail-pg1-x533.google.com ([2607:f8b0:4864:20::533]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1iGrph-00064r-Vx for speck@linutronix.de; Sat, 05 Oct 2019 23:43:22 +0200 Received: by mail-pg1-x533.google.com with SMTP id d26so5797528pgl.7 for ; Sat, 05 Oct 2019 14:43:21 -0700 (PDT) Received: from ?IPv6:2601:646:c200:1ef2:3602:86ff:fef6:e86b? ([2601:646:c200:1ef2:3602:86ff:fef6:e86b]) by smtp.googlemail.com with ESMTPSA id g12sm11720131pfb.97.2019.10.05.14.43.11 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 05 Oct 2019 14:43:11 -0700 (PDT) Subject: [MODERATED] Re: [PATCH v5 03/11] TAAv5 3 References: <5d98396a.1c69fb81.6c7a8.23b1SMTPIN_ADDED_BROKEN@mx.google.com> From: Andy Lutomirski Message-ID: Date: Sat, 5 Oct 2019 14:43:10 -0700 MIME-Version: 1.0 In-Reply-To: <5d98396a.1c69fb81.6c7a8.23b1SMTPIN_ADDED_BROKEN@mx.google.com> Content-Type: multipart/mixed; boundary="qH4tAJESDwzQNBOdlUOJGtVOKtHLo2dQV" To: speck@linutronix.de List-ID: This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156) --qH4tAJESDwzQNBOdlUOJGtVOKtHLo2dQV Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 10/4/19 11:28 PM, speck for Pawan Gupta wrote: > Disable TSX by default on bootup. If IA32_TSX_CTRL MSR is not present, > TSX state stays NOT_SUPPORTED which is the compile time default, > otherwise change TSX state to DISABLE. This is because on certain > processsors TSX may be used as a part of a speculative side channel > attack. >=20 > Signed-off-by: Pawan Gupta > Reviewed-by: Mark Gross > Reviewed-by: Tony Luck > Tested-by: Neelima Krishnan > --- > arch/x86/kernel/cpu/Makefile | 2 +- > arch/x86/kernel/cpu/cpu.h | 4 ++ > arch/x86/kernel/cpu/intel.c | 2 + > arch/x86/kernel/cpu/tsx.c | 72 ++++++++++++++++++++++++++++++++++++= > 4 files changed, 79 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/kernel/cpu/tsx.c >=20 > diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefil= e > index d7a1e5a9331c..890f60083eca 100644 > --- a/arch/x86/kernel/cpu/Makefile > +++ b/arch/x86/kernel/cpu/Makefile > @@ -30,7 +30,7 @@ obj-$(CONFIG_PROC_FS) +=3D proc.o > obj-$(CONFIG_X86_FEATURE_NAMES) +=3D capflags.o powerflags.o > =20 > ifdef CONFIG_CPU_SUP_INTEL > -obj-y +=3D intel.o intel_pconfig.o > +obj-y +=3D intel.o intel_pconfig.o tsx.o > obj-$(CONFIG_PM) +=3D intel_epb.o > endif > obj-$(CONFIG_CPU_SUP_AMD) +=3D amd.o > diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h > index c0e2407abdd6..d864ec4180cc 100644 > --- a/arch/x86/kernel/cpu/cpu.h > +++ b/arch/x86/kernel/cpu/cpu.h > @@ -62,4 +62,8 @@ unsigned int aperfmperf_get_khz(int cpu); > =20 > extern void x86_spec_ctrl_setup_ap(void); > =20 > +extern void tsx_init(struct cpuinfo_x86 *c); > + > +extern u64 read_ia32_arch_cap(void); > + > #endif /* ARCH_X86_CPU_H */ > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index 8d6d92ebeb54..b1d6c96f6b88 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -761,6 +761,8 @@ static void init_intel(struct cpuinfo_x86 *c) > detect_tme(c); > =20 > init_intel_misc_features(c); > + > + tsx_init(c); > } > =20 > #ifdef CONFIG_X86_32 > diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c > new file mode 100644 > index 000000000000..c549750dd7c8 > --- /dev/null > +++ b/arch/x86/kernel/cpu/tsx.c > @@ -0,0 +1,72 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Intel Transactional Synchronization Extensions (TSX) control. > + * > + * Copyright (C) 2019 Intel Corporation > + * > + * Author: > + * Pawan Gupta > + */ > + > +#include > +#include > + > +#include "cpu.h" > + > +static enum tsx_ctrl_states { > + TSX_CTRL_ENABLE, > + TSX_CTRL_DISABLE, > + TSX_CTRL_NOT_SUPPORTED, > +} tsx_ctrl_state =3D TSX_CTRL_NOT_SUPPORTED; > + > +static void tsx_disable(void) > +{ > + u64 tsx; > + > + rdmsrl(MSR_IA32_TSX_CTRL, tsx); > + > + /* Force all transactions to immediately abort */ > + tsx |=3D TSX_CTRL_RTM_DISABLE; > + /* > + * Ensure TSX support is not enumerated in CPUID. > + * This is visible to userspace and will ensure they > + * do not waste resources trying TSX transactions that > + * will always abort. > + */ > + tsx |=3D TSX_CTRL_CPUID_CLEAR; > + > + wrmsrl(MSR_IA32_TSX_CTRL, tsx); > +} > + > +static bool tsx_ctrl_is_supported(void) > +{ > + u64 ia32_cap =3D read_ia32_arch_cap(); > + > + /* > + * TSX is controlled via MSR_IA32_TSX_CTRL. However, > + * support for this MSR is enumerated by ARCH_CAP_TSX_MSR bit > + * in MSR_IA32_ARCH_CAPABILITIES. > + */ > + return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR); > +} > + > +void tsx_init(struct cpuinfo_x86 *c) > +{ > + if (!tsx_ctrl_is_supported()) > + return; > + > + /* > + * Default to TSX_CTRL_DISABLE. This is because on certain processors= > + * TSX may be used as part of a speculative side channel attack. > + */ > + tsx_ctrl_state =3D TSX_CTRL_DISABLE; > + > + tsx_disable(); > + /* > + * tsx_disable() will change the state of the > + * RTM CPUID bit. Clear it here since it is now > + * expected to be not set. > + */ > + clear_cpu_cap(c, X86_FEATURE_RTM); > + setup_clear_cpu_cap(X86_FEATURE_RTM); You shouldn't be doing both clear_cpu_cap *and* setup_clear_cpu_cap(). Also, please fold patch 4 into this patch or at least make the contents of tsx_init() in this patch make some sense. --qH4tAJESDwzQNBOdlUOJGtVOKtHLo2dQV--