lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Feb 2018 17:27:39 +0000
From:   "Ghannam, Yazen" <Yazen.Ghannam@....com>
To:     Borislav Petkov <bp@...e.de>
CC:     "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "ard.biesheuvel@...aro.org" <ard.biesheuvel@...aro.org>,
        "x86@...nel.org" <x86@...nel.org>
Subject: RE: [PATCH v2 2/8] efi: Decode IA32/X64 Processor Error Section

> -----Original Message-----
> From: Borislav Petkov [mailto:bp@...e.de]
> Sent: Tuesday, February 27, 2018 12:01 PM
> To: Ghannam, Yazen <Yazen.Ghannam@....com>
> Cc: linux-efi@...r.kernel.org; linux-kernel@...r.kernel.org;
> ard.biesheuvel@...aro.org; x86@...nel.org
> Subject: Re: [PATCH v2 2/8] efi: Decode IA32/X64 Processor Error Section
> 
> On Tue, Feb 27, 2018 at 03:13:11PM +0000, Ghannam, Yazen wrote:
> > I decided to print the Validation Bits as a sanity check for whomever is
> looking
> > at this. Since we only print fields with a valid bit, it may be confusing for
> users
> > who don't know why fields are missing.
> 
> I suggested what to do about that already: print the fields unconditionally.
> 

Sure, we can print the fields unconditionally if Ard is okay with that.

The issue is that the x86 behavior will be different from all the others, so that
might be confusing.

> > Also, I don't think we should be interpreting the spec for the user. We
> should
> > print the fields as they and users can refer back to the spec for more
> information.
> 
> This is a very very bad idea.
> 
> You can just as well dump binary blobs and then add a user script which
> deciphers that. Oh wait, we had that, it is called mcelog and it is a
> huge pain trying to decode an error properly.
> 
> By that same logic, we could simply dump 64-bit MCA MSR values.
> 
> And everytime we get an error, we have to go dig out the spec. Hell no!
> We had that, we know it is awful, we won't have it again.
> 
> You want to decode everything and fully in the kernel so that you can
> have a ready error record which people can simply *read* from dmesg and
> know what the error is.
> 

This set does decode everything fully so that people can read the error. The only
two places there are binary dumps are with the CPUID field and the Context info.

Maybe we can run the CPUID field through some decoder in arch/x86.

I already mentioned in the Context info patch that there could be further
decoding which we can do in the future. The two options that might be a pain
will be the MSR and MM register types, since these will be model and/or
platform specific.

Thanks,
Yazen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ