| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 May 2011 11:51:47 +0400
From: Cyrill Gorcunov <gorcunov@...il.com>
To: huang ying <huang.ying.caritas@...il.com>
CC: Huang Ying <ying.huang@...el.com>, Ingo Molnar <mingo@...e.hu>,
Don Zickus <dzickus@...hat.com>, linux-kernel@...r.kernel.org,
Andi Kleen <andi@...stfloor.org>,
Robert Richter <robert.richter@....com>,
Andi Kleen <ak@...ux.intel.com>
Subject: Re: [RFC] x86, NMI, Treat unknown NMI as hardware error
On 05/14/2011 04:26 AM, huang ying wrote:
> On Fri, May 13, 2011 at 11:17 PM, Cyrill Gorcunov <gorcunov@...il.com> wrote:
>> On 05/13/2011 12:23 PM, Huang Ying wrote:
>>> In general, unknown NMI is used by hardware and firmware to notify
>>> fatal hardware errors to OS. So the Linux should treat unknown NMI as
>>> hardware error and go panic upon unknown NMI for better error
>>> containment.
>>>
>>> But there are some legacy machine which would randomly send unknown
>>> NMIs for no good reason. To support these machines, a white list
>>> mechanism is provided to treat unknown NMI as hardware error only on
>>> some known working system.
>>>
>>> These systems are identified via the presentation of APEI HEST or
>>> some PCI ID of the host bridge. The PCI ID of host bridge instead of
>>> DMI ID is used, so that the checking can be done based on the platform
>>> type instead of motherboard. This should be simpler and sufficient.
>>>
>>> The method to identify the platforms is designed by Andi Kleen.
>>>
>>> Signed-off-by: Huang Ying <ying.huang@...el.com>
>>> Cc: Andi Kleen <ak@...ux.intel.com>
>>> Cc: Don Zickus <dzickus@...hat.com>
>>> ---
>> ...
>>
>> Hi Ying,
>>
>> just curious (regardless the concerns Don and Ingo have) -- if there still a need
>> for such semi-unknown nmi handling maybe it's worth to register a *notifier* for it
>> and we panic only when user *explicitly* specify how to treat this class of NMIs
>> (via say "hest-nmi-panic" boot option or something like that). Maybe such partially
>> modular scheme would be better? If only I don't miss anything.
>
> Hi, Cyrill,
>
> IMHO, Pushing all policy to user is not good too. How many users
> understand unknown NMI and hardware error clearly? It is better if we
> can determine what is the right behavior.
>
> Best Regards,
> Huang Ying
Hi Ying,
yes, is not good. But at least we *must* provide a way to turn this new feature off
via command line I think. One of a reason for me is perf unknown nmis (at moment we seems
to have captured and cured all parasite NMIs sources but there is no guarantee we wont
meet them in future due to some code change or whatever). And bloating trap.c with
new if()'s is not that good I guess, that is why I asked if there a way to do all the
work via notifiers ;)
--
Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists