[Bug 1085958] New: when nospectre_v2 be used spec_ctrl flags only disappear on Core0
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Bug ID: 1085958 Summary: when nospectre_v2 be used spec_ctrl flags only disappear on Core0 Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-maintainers@forge.provo.novell.com Reporter: jnwang@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When I use nospectre_v2 on kernel cmdline, lscpu doesn't display spec_ctrl flags. but when I cat /proc/cpuinfo | grep spec_ctrl: I will see spec_ctrl flag on other logic core except core0. kernel version: 4.4.120-8.g7186d16-default http://download.opensuse.org/repositories/Kernel:/openSUSE-42.3/standard/ -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 James Wang <jnwang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bpetkov@suse.com, | |jkosina@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Takashi Iwai <tiwai@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jslaby@suse.com, | |tiwai@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c1 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #1 from Jiri Slaby <jslaby@suse.com> --- Ugh, oh my. The interaction of upstream vs. non-upstream spectre v2 handling is in start_kernel as follows:
parse_early_param nospec <- if passed "nospec" parameter check_bugs identify_boot_cpu identify_cpu(boot_cpu_data) init_intel x86_spec_check -> non-upstream IBRS setup_force_cpu_cap(X86_FEATURE_SPEC_CTRL) apply_forced_caps spectre_v2_select_mitigation spectre_v2_parse_cmdline nospec -> set by "nospectre_v2" param setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL) rest_init kernel_init kernel_init_freeable smp_init -> distribute
So non-upstream spec v2 sets the forced flag, but later call to nospec won't help, as it does not remove forced flag to be cleared. So nospectre_v2 removes the flag only from the boot cpu. This should fix it: --- a/arch/x86/kernel/cpu/spec_ctrl.c +++ b/arch/x86/kernel/cpu/spec_ctrl.c @@ -100,3 +100,4 @@ int nospec(char *str) return 0; } early_param("nospec", nospec); +early_param("nospectre_v2", nospec); -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c2 --- Comment #2 from Jiri Slaby <jslaby@suse.com> --- Building at: https://build.opensuse.org/project/monitor?project=home%3Ajirislaby%3Abnc108... Check it once it's built. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c3 Borislav Petkov <bpetkov@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(jkosina@suse.com) --- Comment #3 from Borislav Petkov <bpetkov@suse.com> --- Actually, the logic we came up with there is to set ibrs_state and ibpb_state to 0 if nospec has disabled them. Otherwise they're initalized to -1 to differentiate that no cmdline switch was supplied. And x86_spec_check() should look at ibrs_state too at entry, I wonder why jikos is looking at ibpb_state only. jikos? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Borislav Petkov <bpetkov@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jkosina@suse.com) | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c6 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jnwang@suse.com Flags| |needinfo?(jnwang@suse.com) --- Comment #6 from Jiri Slaby <jslaby@suse.com> --- (In reply to Jiri Slaby from comment #2)
Check it once it's built.
Ping -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c7 --- Comment #7 from James Wang <jnwang@suse.com> --- Created attachment 766406 --> http://bugzilla.suse.com/attachment.cgi?id=766406&action=edit verify Jslaby's kernel with nospectre_v2 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c8 --- Comment #8 from James Wang <jnwang@suse.com> --- Created attachment 766408 --> http://bugzilla.suse.com/attachment.cgi?id=766408&action=edit verify Jslaby's kernel without nospectre_v2 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c9 James Wang <jnwang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jnwang@suse.com) | --- Comment #9 from James Wang <jnwang@suse.com> --- Verify fix on (In reply to Jiri Slaby from comment #2)
Building at:
https://build.opensuse.org/project/ monitor?project=home%3Ajirislaby%3Abnc1085958
Check it once it's built.
It works. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c10 --- Comment #10 from Jiri Slaby <jslaby@suse.com> --- Note that spectre_v2=off has the very same problem. So I seem I need to parse spectre_v2 as early_param too. Boo. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c11 --- Comment #11 from James Wang <jnwang@suse.com> --- Created attachment 766421 --> http://bugzilla.suse.com/attachment.cgi?id=766421&action=edit double check with spectre_v2=off -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c12 --- Comment #12 from Jiri Slaby <jslaby@suse.com> --- Pushed to SLE12-SP3. Is SP2 (now LTSS) eager enough to have the fix too? I will check the state in 11-SP4. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| maint:planned:update |maint:planned:update | |ibs:running:7343:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |maint:planned:update |ibs:running:7343:important | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c13 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2018:1217-1: An update that solves 7 vulnerabilities and has 93 fixes is now available. Category: security (important) Bug References: 1005778,1005780,1005781,1012382,1015336,1015337,1015340,1015342,1015343,1019695,1019699,1022604,1022743,1024296,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075091,1075428,1075994,1076033,1077560,1083125,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084721,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085185,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085958,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088242,1088267,1088313,1088324,1088600,1088684,1088865,1088871,1089198,1089608,1089644,1089752,1089925,802154,810912,812592,813453,880131,966170,966172,966186,966191,969476,969477,981348 CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP3 (src): kernel-rt-4.4.128-3.11.1, kernel-rt_debug-4.4.128-3.11.1, kernel-source-rt-4.4.128-3.11.1, kernel-syms-rt-4.4.128-3.11.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |maint:planned:update | |ibs:running:7413:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |maint:planned:update |ibs:running:7413:important |ibs:running:7413:important | |obs:running:8153:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |maint:planned:update |ibs:running:7413:important |obs:running:8153:important |obs:running:8153:important | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c14 --- Comment #14 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2018:1366-1: An update that solves 9 vulnerabilities and has 71 fixes is now available. Category: security (important) Bug References: 1005778,1005780,1005781,1009062,1012382,1015336,1015337,1015340,1015342,1015343,1022604,1022743,1024296,1031492,1036215,1043598,1044596,1056415,1056427,1060799,1068032,1075087,1075091,1075994,1076263,1080157,1082153,1082299,1082485,1082962,1083125,1083635,1083650,1083900,1084721,1085058,1085185,1085511,1085958,1087082,1088242,1088865,1089023,1089115,1089198,1089393,1089608,1089644,1089752,1089895,1089925,1090225,1090643,1090658,1090663,1090708,1090718,1090734,1090953,1091041,1091325,1091728,1091925,1091960,1092289,1092497,1092566,1092904,1093008,1093144,1093215,1094019,802154,966170,966172,966186,966191,969476,969477,981348 CVE References: CVE-2018-1000199,CVE-2018-10087,CVE-2018-10124,CVE-2018-1065,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7492,CVE-2018-8781 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.131-94.29.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.131-94.29.1, kernel-obs-build-4.4.131-94.29.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.131-94.29.1, kernel-source-4.4.131-94.29.1, kernel-syms-4.4.131-94.29.1 SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_12-1-4.5.2 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.131-94.29.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.131-94.29.1, kernel-source-4.4.131-94.29.1, kernel-syms-4.4.131-94.29.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.131-94.29.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c15 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2018:1418-1: An update that solves 11 vulnerabilities and has 93 fixes is now available. Category: security (important) Bug References: 1005778,1005780,1005781,1009062,1012382,1015336,1015337,1015340,1015342,1015343,1022604,1022743,1024296,1031492,1036215,1043598,1044596,1056415,1056427,1060799,1066223,1068032,1070404,1073059,1075087,1075091,1075994,1076263,1076805,1080157,1081599,1082153,1082299,1082485,1082962,1083125,1083635,1083650,1083900,1084610,1084699,1084721,1085058,1085185,1085511,1085679,1085958,1086162,1087082,1087274,1088050,1088242,1088267,1088313,1088600,1088684,1088810,1088865,1088871,1089023,1089115,1089198,1089393,1089608,1089644,1089752,1089895,1089925,1090225,1090643,1090658,1090663,1090708,1090718,1090734,1090953,1091041,1091325,1091728,1091960,1092289,1092497,1092566,1092772,1092888,1092904,1092975,1093008,1093035,1093144,1093215,1093990,1094019,1094033,1094059,802154,966170,966172,966186,966191,969476,969477,981348,993388 CVE References: CVE-2017-18257,CVE-2018-1000199,CVE-2018-10087,CVE-2018-10124,CVE-2018-1065,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7492,CVE-2018-8781,CVE-2018-8822 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.132-53.1, kernel-default-4.4.132-53.1, kernel-docs-4.4.132-53.1, kernel-obs-build-4.4.132-53.1, kernel-obs-qa-4.4.132-53.1, kernel-source-4.4.132-53.1, kernel-syms-4.4.132-53.1, kernel-vanilla-4.4.132-53.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 http://bugzilla.suse.com/show_bug.cgi?id=1085958#c20 Takashi Iwai <tiwai@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #20 from Takashi Iwai <tiwai@suse.com> --- Leap 42.3 reached EOL. If you still have a same problem on the newer distros, please create a new entry. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Andreas Hasenkopf <ahasenkopf@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1085958 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com