historical-speck.lore.kernel.org archive mirror
 help / color / mirror / Atom feed
From: mark gross <mgross@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: Slow Randomizing Boosts Denial of Service - Bulletin #2
Date: Tue, 5 May 2020 14:31:56 -0700	[thread overview]
Message-ID: <20200505213156.GB149583@mtg-dev.jf.intel.com> (raw)
In-Reply-To: <20200505192907.GC6880@zn.tnic>

On Tue, May 05, 2020 at 09:29:07PM +0200, speck for Borislav Petkov wrote:
> On Tue, Apr 28, 2020 at 05:48:49PM +0200, speck for Thomas Gleixner wrote:
> > Folks!
> > 
> > I've merged the documentation update from Josh into the master branch of
> > the speck git repository at:
> > 
> >    cvs.ou.linutronix.de:linux/speck/linux
> 
> Ok, since the CRD has been pushed by a ~month, we probably should start
> merging the non-critical pieces because we have users for them and
> there's no point in letting them rot in an out-of-tree repo.
> 
> Of course, we won't change the SHA1's so that no ongoing backports are
> disrupted.
> 
> Thus, looking at:
> 
>   e9d7144597b1 ("x86/cpu: Add a steppings field to struct x86_cpu_id")
> 
> for example, it doesn't have any text in there which hints at anything
> NDA and so we can queue it for upstreaming now along with those below
> and thus slim down the SRBDS queue even more. I.e., it will have only
> three patches after this.
> 
> Thx.
Look good to me.

--mark

> 
> ---
> From: Borislav Petkov <bp@suse.de>
> Date: Tue, 5 May 2020 19:25:08 +0200
> Subject: [PATCH 1/2] x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro
> 
> ... to match Intel family 6 CPUs with steppings.
> 
> Signed-off-by: Borislav Petkov <bp@suse.de>
> ---
>  arch/x86/include/asm/cpu_device_id.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
> index 10426cd56dca..eb8fcede9e3b 100644
> --- a/arch/x86/include/asm/cpu_device_id.h
> +++ b/arch/x86/include/asm/cpu_device_id.h
> @@ -160,6 +160,10 @@
>  #define X86_MATCH_INTEL_FAM6_MODEL(model, data)				\
>  	X86_MATCH_VENDOR_FAM_MODEL(INTEL, 6, INTEL_FAM6_##model, data)
>  
> +#define X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(model, steppings, data)	\
> +	X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE(INTEL, 6, INTEL_FAM6_##model, \
> +						     steppings, X86_FEATURE_ANY, data)
> +
>  /*
>   * Match specific microcode revisions.
>   *
> -- 
> 2.21.0
> 
> ---
> From: Borislav Petkov <bp@suse.de>
> Date: Tue, 5 May 2020 19:27:16 +0200
> Subject: [PATCH 2/2] x86/apic: Convert the TSC deadline timer matching to steppings macro
> 
> ... and get rid of the function pointers which would spit out the
> microcode revision based on the CPU stepping.
> 
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
> ---
>  arch/x86/kernel/apic/apic.c | 57 ++++++++-----------------------------
>  1 file changed, 12 insertions(+), 45 deletions(-)
> 
> diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
> index e53dda210cd7..4b1d31be50b4 100644
> --- a/arch/x86/kernel/apic/apic.c
> +++ b/arch/x86/kernel/apic/apic.c
> @@ -544,46 +544,20 @@ static struct clock_event_device lapic_clockevent = {
>  };
>  static DEFINE_PER_CPU(struct clock_event_device, lapic_events);
>  
> -static __init u32 hsx_deadline_rev(void)
> -{
> -	switch (boot_cpu_data.x86_stepping) {
> -	case 0x02: return 0x3a; /* EP */
> -	case 0x04: return 0x0f; /* EX */
> -	}
> -
> -	return ~0U;
> -}
> -
> -static __init u32 bdx_deadline_rev(void)
> -{
> -	switch (boot_cpu_data.x86_stepping) {
> -	case 0x02: return 0x00000011;
> -	case 0x03: return 0x0700000e;
> -	case 0x04: return 0x0f00000c;
> -	case 0x05: return 0x0e000003;
> -	}
> -
> -	return ~0U;
> -}
> -
> -static __init u32 skx_deadline_rev(void)
> -{
> -	switch (boot_cpu_data.x86_stepping) {
> -	case 0x03: return 0x01000136;
> -	case 0x04: return 0x02000014;
> -	}
> +static const struct x86_cpu_id deadline_match[] __initconst = {
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(HASWELL_X, X86_STEPPINGS(0x2, 0x2), 0x3a), /* EP */
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(HASWELL_X, X86_STEPPINGS(0x4, 0x4), 0x0f), /* EX */
>  
> -	if (boot_cpu_data.x86_stepping > 4)
> -		return 0;
> +	X86_MATCH_INTEL_FAM6_MODEL( BROADWELL_X,	0x0b000020),
>  
> -	return ~0U;
> -}
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(BROADWELL_D, X86_STEPPINGS(0x2, 0x2), 0x00000011),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(BROADWELL_D, X86_STEPPINGS(0x3, 0x3), 0x0700000e),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(BROADWELL_D, X86_STEPPINGS(0x4, 0x4), 0x0f00000c),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(BROADWELL_D, X86_STEPPINGS(0x5, 0x5), 0x0e000003),
>  
> -static const struct x86_cpu_id deadline_match[] __initconst = {
> -	X86_MATCH_INTEL_FAM6_MODEL( HASWELL_X,		&hsx_deadline_rev),
> -	X86_MATCH_INTEL_FAM6_MODEL( BROADWELL_X,	0x0b000020),
> -	X86_MATCH_INTEL_FAM6_MODEL( BROADWELL_D,	&bdx_deadline_rev),
> -	X86_MATCH_INTEL_FAM6_MODEL( SKYLAKE_X,		&skx_deadline_rev),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(SKYLAKE_X, X86_STEPPINGS(0x3, 0x3), 0x01000136),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(SKYLAKE_X, X86_STEPPINGS(0x4, 0x4), 0x02000014),
> +	X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS(SKYLAKE_X, X86_STEPPINGS(0x5, 0xf), 0),
>  
>  	X86_MATCH_INTEL_FAM6_MODEL( HASWELL,		0x22),
>  	X86_MATCH_INTEL_FAM6_MODEL( HASWELL_L,		0x20),
> @@ -615,14 +589,7 @@ static __init bool apic_validate_deadline_timer(void)
>  	if (!m)
>  		return true;
>  
> -	/*
> -	 * Function pointers will have the MSB set due to address layout,
> -	 * immediate revisions will not.
> -	 */
> -	if ((long)m->driver_data < 0)
> -		rev = ((u32 (*)(void))(m->driver_data))();
> -	else
> -		rev = (u32)m->driver_data;
> +	rev = (u32)m->driver_data;
>  
>  	if (boot_cpu_data.microcode >= rev)
>  		return true;
> -- 
> 2.21.0
> 
> -- 
> Regards/Gruss,
>     Boris.
> 
> SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg

      reply	other threads:[~2020-05-05 21:32 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-28 15:48 Thomas Gleixner
2020-05-04 23:41 ` [MODERATED] " Ben Hutchings
2020-05-05 19:29 ` Borislav Petkov
2020-05-05 21:31   ` mark gross [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200505213156.GB149583@mtg-dev.jf.intel.com \
    --to=mgross@linux.intel.com \
    --cc=speck@linutronix.de \
    --subject='[MODERATED] Re: Slow Randomizing Boosts Denial of Service - Bulletin #2' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).