lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 13 May 2011 21:24:10 +0800
From:	huang ying <huang.ying.caritas@...il.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Don Zickus <dzickus@...hat.com>, Huang Ying <ying.huang@...el.com>,
	linux-kernel@...r.kernel.org, Andi Kleen <andi@...stfloor.org>,
	Robert Richter <robert.richter@....com>,
	Andi Kleen <ak@...ux.intel.com>, Borislav Petkov <bp@...en8.de>
Subject: Re: [RFC] x86, NMI, Treat unknown NMI as hardware error

Hi, Ingo,

On Fri, May 13, 2011 at 9:00 PM, Ingo Molnar <mingo@...e.hu> wrote:
>
> * Don Zickus <dzickus@...hat.com> wrote:
>
>> On Fri, May 13, 2011 at 04:23:38PM +0800, Huang Ying wrote:
>> > In general, unknown NMI is used by hardware and firmware to notify
>> > fatal hardware errors to OS. So the Linux should treat unknown NMI as
>> > hardware error and go panic upon unknown NMI for better error
>> > containment.
>>
>> I have a couple of concerns about this patch.  One I don't think BIOSes
>> are ready for this.  I have Intel Westmere boxes that say they have a
>> valid HEST, GHES, and EINJ table, but when I inject an error there is no
>> GHES record.  This leaves me with an unknown NMI and panic.  Yeah, it is a
>> BIOS bug I guess, but I think vendors are going to be slow fixing all this
>> stuff (my Nehalem box is in even worse shape with this stuff).
>
> Agreed, doing this is not a very good idea - we have spurious unknown NMIs
> again and again, crashing the box is not a good idea.

So we use white list to filter out spurious hardware.

> What should be done instead is to add an event for unknown NMIs, which can then
> be processed by the RAS daemon to implement policy.
>
> By using 'active' event filters it could even be set on a system to panic the
> box by default.

If there is real fatal hardware error, maybe we have no luxury to go
from NMI handler to user space RAS daemon to determine what to do.
System may explode, bad data may go to disk before that.

Best Regards,
Huang Ying
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ