| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jul 2012 13:04:53 +0200 From: Borislav Petkov <bp@...64.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Andre Przywara <andre.przywara@....com>, Vladimir Davydov <vdavydov@...allels.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Andi Kleen <ak@...ux.intel.com>, Borislav Petkov <borislav.petkov@....com>, "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andreas Herrmann <andreas.herrmann3@....com> Subject: Re: [PATCH 2/2] cpu: intel, amd: mask cleared cpuid features On Tue, Jul 24, 2012 at 11:32:04AM +0100, Alan Cox wrote: > > So actually, making it straightforward to disable CPUID feature bits > > just for every whim is the bug. > > Sometimes its needed to make stuff work. Expecting user space to go > digging in odd places Nah, not odd places. Simply doing "wrmsr... " as root would suffice. > isn't good either but exposing *both* true/apparent cpuid bits might > not be a bad idea. I'm fine with the "might not be a bad idea" thing. I'm saying that it seems like a bad idea in certain cases... > > I'd like to see a real valid reason why someone would even think that. > > Except virtualization folks who are crazy anyway, so that doesn't count :). > > Which is a very large part of the x86 market. So they most definitely do > count. Virtualisation is somewhat different though. There you are trying > to define a subset of the features that all the systems in your > environment have so you can do migrations. Virtualisation you have rather > more different control of the cpuid and msrs anyway. Right and best it would be if *only* virtualization had access to those MSRs and CPUID bits. IOW, you #GP when accessing them in the normal case and access is granted when in VMRUN context. > > Majority of users is majority of users no matter how you look at it! > > That's not a good argument. The majority of users don't have SCSI, > certain processors and so on ... or coffee machines ... :-) > > Right, and how is giving the user a heavy, well-oiled AK-47 to do that, > > user-friendly? > > It's a point and click interface Or rather, aim and squeeze :-) > > And this is exactly what I'm questioning: the usability, or rather, the > > mis-usability of such a feature. > > What goes with that is "so how do you do it otherwise". Not much more harder using msr-tools and easily scriptable. See above. > Distros can certainly add patches for such features if needed but that > just makes it even more fun to debug. That's easy: the first question we ask from the bug reporter is (and you do that too, btw - I've seen you dozens of times :-)) "can you reproduce it with mainline"? > Does "bind mount your own cpuid file" cover this ? Well, AFAICU, the writes to the MSRs are globally visible. If you're asking whether through bind-mounting your own cpuid file we're making the process of toggling CPUID bits more involved versus using simply kernel command line options then this is probably a step in the right direction IMHO, BUT (!)... ... there's still a software-only solution needed for CPUID leafs which cannot be toggled through MSR writes simply because there are no such MSRs. The solution to that situation could cover all issues without touching the kernel. -- Regards/Gruss, Boris. Advanced Micro Devices GmbH Einsteinring 24, 85609 Dornach GM: Alberto Bozzo Reg: Dornach, Landkreis Muenchen HRB Nr. 43632 WEEE Registernr: 129 19551 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists