Message ID | 20241028160917.1380714-15-alexander.shishkin@linux.intel.com |
---|---|
State | New |
Series | Enable Linear Address Space Separation support |
On 10/28/2024 9:08 AM, Alexander Shishkin wrote: > To prevent exploits for Spectre based on LAM as demonstrated by the > whitepaper [1], make LAM depend on LASS, which avoids this type of > vulnerability. > > [1] https://download.vusec.net/papers/slam_sp24.pdf > > Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com> > --- > arch/x86/kernel/cpu/cpuid-deps.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c > index 3f73c4b03348..d9fb2423605e 100644 > --- a/arch/x86/kernel/cpu/cpuid-deps.c > +++ b/arch/x86/kernel/cpu/cpuid-deps.c > @@ -84,6 +84,7 @@ static const struct cpuid_dep cpuid_deps[] = { > { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, > { X86_FEATURE_FRED, X86_FEATURE_LKGS }, > { X86_FEATURE_LASS, X86_FEATURE_SMAP }, > + { X86_FEATURE_LAM, X86_FEATURE_LASS }, The dependencies listed in cpuid_deps[] are only enforced when a feature such as LASS is explicitly disabled. If the system is missing LASS at boot then LAM would still be enabled. We would need this patch to enforce it: https://lore.kernel.org/lkml/20241030233118.615493-1-sohil.mehta@intel.com/ Sohil
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index 3f73c4b03348..d9fb2423605e 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -84,6 +84,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, { X86_FEATURE_FRED, X86_FEATURE_LKGS }, { X86_FEATURE_LASS, X86_FEATURE_SMAP }, + { X86_FEATURE_LAM, X86_FEATURE_LASS }, {} };
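Review bot: The added `{ X86_FEATURE_LAM, X86_FEATURE_LASS }` row has no comment, and nothing in the table itself tells a later reader that this dependency exists as a Spectre mitigation (the commit message cites the SLAM paper) rather than because LAM cannot function without LASS. Suggest a short comment above the entry naming that reason, so the row is not removed later as an apparently unnecessary restriction. The commit message should also state what is expected on a CPU that enumerates LAM but not LASS: the reply in this thread points out that cpuid_deps[] entries are only enforced when the prerequisite is explicitly disabled, so if this patch relies on the linked follow-up to cover that case, it should say so and note the ordering requirement.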
To prevent exploits for Spectre based on LAM as demonstrated by the whitepaper [1], make LAM depend on LASS, which avoids this type of vulnerability.

[1] https://download.vusec.net/papers/slam_sp24.pdf

Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
---
arch/x86/kernel/cpu/cpuid-deps.c | 1 +
1 file changed, 1 insertion(+)
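The enforcement gap raised in the reply above, as an added user-space model; it is not kernel code and not the code of the linked follow-up patch. The names `clear_feature`, `enforce_deps_at_boot` and `lam_survives` are hypothetical, and the boot-time scan is an assumed way of closing the gap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model: three feature bits and the two table rows from the patch. */
enum feat { F_SMAP, F_LASS, F_LAM, F_COUNT };
struct dep { enum feat feature, depends; };

static const struct dep deps[] = {
    { F_LASS, F_SMAP },
    { F_LAM,  F_LASS },
};
#define NDEPS (sizeof(deps) / sizeof(deps[0]))

/* Explicit disable: clear the feature, then everything that depends on it. */
static void clear_feature(bool caps[F_COUNT], enum feat f)
{
    caps[f] = false;
    for (size_t i = 0; i < NDEPS; i++)
        if (deps[i].depends == f && caps[deps[i].feature])
            clear_feature(caps, deps[i].feature);
}

/* Assumed fix: at boot, clear any feature whose prerequisite was never present. */
static void enforce_deps_at_boot(bool caps[F_COUNT])
{
    for (size_t i = 0; i < NDEPS; i++)
        if (caps[deps[i].feature] && !caps[deps[i].depends])
            clear_feature(caps, deps[i].feature);
}

/* Constructed CPU: SMAP and LAM enumerated, LASS as given. Returns final LAM state. */
static bool lam_survives(bool cpu_has_lass, bool boot_scan, bool disable_lass)
{
    bool caps[F_COUNT] = { [F_SMAP] = true, [F_LASS] = cpu_has_lass, [F_LAM] = true };
    if (boot_scan)
        enforce_deps_at_boot(caps);
    if (disable_lass)
        clear_feature(caps, F_LASS);
    return caps[F_LAM];
}

int main(void)
{
    printf("no LASS, table only:   LAM=%d\n", lam_survives(false, false, false));
    printf("no LASS, boot scan:    LAM=%d\n", lam_survives(false, true, false));
    printf("LASS present, cleared: LAM=%d\n", lam_survives(true, false, true));
    return 0;
}
```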