lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 30 Jan 2018 14:54:17 +0000
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Arjan van de Ven <arjan@...ux.intel.com>
Cc:     Borislav Petkov <bp@...en8.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        David Woodhouse <dwmw2@...radead.org>, karahmed@...zon.de,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        tim.c.chen@...ux.intel.com, peterz@...radead.org,
        pbonzini@...hat.com, ak@...ux.intel.com,
        torvalds@...ux-foundation.org, gregkh@...ux-foundation.org
Subject: Re: [PATCH] x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature
 bits on Intel

On Tue, 30 Jan 2018 06:01:43 -0800
Arjan van de Ven <arjan@...ux.intel.com> wrote:

> On 1/30/2018 5:11 AM, Borislav Petkov wrote:
> > On Tue, Jan 30, 2018 at 01:57:21PM +0100, Thomas Gleixner wrote:  
> >> So much for the theory. That's not going to work. If the boot cpu has the
> >> feature then the alternatives will have been applied. So even if the flag
> >> mismatch can be observed when a secondary CPU comes up the outcome will be
> >> access to a non existing MSR and #GP.  
> > 
> > Yes, with mismatched microcode we're f*cked.  
> 
> I think in the super early days of SMP there was an occasional broken BIOS.
> (and when Linux then did the ucode update it was sane again)
> 
> Not since a long time though (I think the various certification suites check for it now)

The only case I can think of where you'd get a non boot processor that
didn't have the same microcode loaded as the rest on entry to the OS would
be in a system where it was possibly to phyically hot plug processors
post boot.

There are not many such systems and it may be that all of them do
sufficient deeply unmentionable things in their firmware to cover this.

Alan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ