| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2016 15:05:21 +0100
From: Borislav Petkov <bp@...e.de>
To: Henrique de Moraes Holschuh <hmh@....eng.br>
Cc: "Luck, Tony" <tony.luck@...el.com>,
Andi Kleen <andi@...stfloor.org>,
Ashok Raj <ashok.raj@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/mce: Include the PPIN in machine check records
when it is available
On Wed, Nov 23, 2016 at 02:37:23PM +0100, Borislav Petkov wrote:
> You can't reenable it:
>
> "LockOut (R/WO)
> Set 1 to prevent further writes to MSR_PPIN_CTL. Writing 1 to
> MSR_PPINCTL[bit 0] is permitted only if MSR_PPIN_CTL[bit 1] is
> clear, Default is 0."
Well, almost.
"Enable_PPIN (R/W)
If 1, enables MSR_PPIN to be accessible using RDMSR. Once set,
attempt to write 1 to MSR_PPIN_CTL[bit 0] will cause #GP.
If 0, an attempt to read MSR_PPIN will cause #GP. Default is 0."
Frankly, I don't get what the deal behind that locking out is. And it
says that BIOS should provide an opt-in so that agent can read the PPIN
and then that agent should *disable* it again by writing 01b to the CTL
MSR.
But then the first paragraph above says that the write
MSR_PPIN_CTL[0]=1b will #GP because MSR_PPIN_CTL[1] will be 1 for the
agent to read out MSR_PPIN first.
I guess we need to write a 00b first to disable PPIN and then write 01b
to lock it out.
So AFAIU, the steps will be:
* BIOS writes 10b
* agent reads MSR_PPIN
* agent writes 00b to disable MSR_PPIN
* agent writes 01b because bit 1 is clear now and it won't #GP.
Meh...
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists