lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 28 Jun 2007 18:23:26 -0400
From:	Bill Davidsen <davidsen@....com>
To:	Andi Kleen <andi@...stfloor.org>
CC:	Daniel J Blueman <daniel.blueman@...il.com>,
	Shaohua Li <shaohua.li@...el.com>, jamagallon@....com,
	tigran@...azian.fsnet.co.uk,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: New format Intel microcode...

Andi Kleen wrote:
>> Slashdot carried an article this morning saying that an error in Intel 
>> microcode was being fixed. However, it listed only Windows related sites 
>>     
>
> That's a little misleading. Always dangerous getting your information
> from slashdot. Let's say Intel clarified some corner 
> cases in TLB flushing that have changed with Core2 and not everybody
> got that right. I wouldn't say it was a Intel bug though.
>
>   
Given that the Slashdot note was a pointer to Microsoft and echo of 
their statements of a firmware fix, and that same information is on the 
Microsoft site, I find it hard to find fault with them as a source for 
pointers and some context on why they might be useful. If Intel has 
released new microcode to address the issue, then it seems the code 
didn't function as desired, and it doesn't matter what you call it.
>> for the "fix" download. Is this the same TLB issue? And are these really 
>>     
>
> I think so.
>
>   
That was one question.
>> fixes for Windows to flush the TLB properly the way Linux does?
>>     
>
> On newer Linux 2.6 yes. On 2.4/x86-64 you would need in theory the microcode 
> update too.  (it'll probably show up at some point at the usual place 
> http://urbanmyth.org/microcode/).  Linux/i386 is always fine.
>
> But the problem is very obscure and you can likely ignore it too. If your 
> machine crashes it's very likely something else.
>   

I don't ignore anything I can fix. An ounce of prevention is worth a 
pound of cure. My systems don't currently crash, and that's the intended 
behavior.

I was mainly concerned with this being a new issue, and curious if 
Microsoft was calling an O/S bug a "microcode fix," given that the 
average Windows user doesn't know microcode from nanotech anyway. The 
non-answer from Arjan didn't answer either, and started by calling the 
report FUD, implying that Slashdot was wrong (not about this), and 
issuing so little answer and so much obfuscation that I thought he might 
be running for President. ;-)

I'd like the microcode update, some people elsewhere speculate that user 
level code could effect reliability if not security. I worry that an old 
2.4 kernel would be an issue, even in kvm, if that were the case.

-- 
bill davidsen <davidsen@....com>
  CTO TMR Associates, Inc
  Doing interesting things with small computers since 1979

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ