| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Sep 2014 18:00:12 -0700 From: Andy Lutomirski <luto@...capital.net> To: "H. Peter Anvin" <hpa@...or.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Chuck Ebbert <cebbert.lkml@...il.com>, Borislav Petkov <bp@...en8.de>, Henrique de Moraes Holschuh <hmh@....eng.br> Subject: Re: x86, microcode: BUG: microcode update that changes x86_capability On Sep 18, 2014 5:28 PM, "H. Peter Anvin" <hpa@...or.com> wrote: > > The cpuid bit gets twiddled... Yes, but how? I assume that BIOS isn't switching between two different ucode blobs, and I don't know about any wrcpuid instruction. So there must be *some* way, at least on new ucode (and maybe on old ucode) to change that bit. If we could do that in the kernel, we might be able to come up with a more intelligent way to handle this ucode gotcha (such as, ideally, clearing the bit ourselves on old ucode). > > On September 18, 2014 5:23:40 PM PDT, Andy Lutomirski <luto@...capital.net> wrote: > >On Sep 18, 2014 5:13 PM, "Henrique de Moraes Holschuh" <hmh@....eng.br> > >wrote: > >> > >> On Thu, 18 Sep 2014, Henrique de Moraes Holschuh wrote: > >> > On Thu, 18 Sep 2014, H. Peter Anvin wrote: > >> > > We should, but this is also part of why we want the early ucode > >capability. > >> > > >> > Well, yes. But that won't help the several stable and LTS distros > >with > >> > kernels without early ucode update support. > >> > >> Here's a plan that might work, pending actually checking the > >libpthread TSX > >> code to make sure it keys on /proc/cpuinfo flags: > > > >Surely it checks cpuid directly, though. > > > >Can we twiddle the cpuid bit? I never noticed any way in the docs to > >do it, but if BIOS has such an ability, maybe we do, too. I wonder if > >there's anything semi-documented in biosbits, or if we could just > >reverse-engineer it. > > > >--Andy > > > >> > >> Add a cpu quirk, triggered by the Haswell cpuids, to force-disable > >hle on > >> the affected processors. > >> > >> This will work around the x86_capability capability issue (which > >should > >> still be fixed, anyway), and it should also get userspace to stay > >away from > >> TSX, therefore also working around the worst issue (processes getting > >> SIGILL). > >> > >> This will disable the "user may ask the BIOS to keep TSX enabled" > >> anti-feature, though. This drawback can be avoided, but only if a > >future > >> microcode update won't re-disable hle when the BIOS enabled it. For > >now, I > >> suggest that we decree that "hle is toast" for the current Haswells > >and add > >> back ways to enable it for testing when we know more about it. > >> > >> -- > >> "One disk to rule them all, One disk to find them. One disk to > >bring > >> them all and in the darkness grind them. In the Land of Redmond > >> where the shadows lie." -- The Silicon Valley Tarot > >> Henrique Holschuh > > -- > Sent from my mobile phone. Please pardon brevity and lack of formatting. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists