lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 11 Jan 2015 01:53:34 +0000
From:	Bryan O'Donoghue <pure.logic@...us-software.ie>
To:	Darren Hart <dvhart@...radead.org>
CC:	tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
	x86@...nel.org, platform-driver-x86@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Matthew Garrett <mjg59@...f.ucam.org>,
	Boon Leong Ong <boon.leong.ong@...el.com>,
	Mel Gorman <mgorman@...e.de>
Subject: Re: [PATCH 2/2] platform/x86: Add Intel Galileo platform specific
 setup


> I'm wondering if there is a need for this to be a platform driver at
> all. Could we, instead, tear down any unlocked IMRs at boot as part of the IMR
> driver itself, as well as lock the kernel .text. Firmware has the option of
> making an IMR mandatory by locking it. If it isn't locked, what use is it to the
> OS without a lot more context? Any sort of policy enforced with IMRs is a
> user-space decision, so clearing out the unlocked ones and then handing off to
> user-space seems like a sane default mode to me.
>
> I discussed this with Boon Leong this afternoon and we couldn't come up with a
> justification for a platform-specific driver to do what this does.

I think there's no technical reason impeding what you've just suggested 
in the IMR init and I'm happy to move the code in there since basically 
any platform with IMR registers could justifiably

a) Tear down everything that's unlocked
b) Place a default IMR around the .text section

No reason it the world that that policy needs to be Galileo specific - 
and it's a valid argument to say - this behaviour can simply be an IMR 
policy in the kernel and less code for the same functionality, that adds 
consistency across x86 is a good thing.

I'll zap the Galileo platform code entirely for V2 unless there's a 
counter-argument from someone.

--
BOD

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ