Message-ID: <20121219234012.GO24895@liondog.tnic>
Date: Thu, 20 Dec 2012 00:40:12 +0100
From: Borislav Petkov <bp@...en8.de>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Jacob Shin <jacob.shin@....com>, Yinghai Lu <yinghai@...nel.org>,
 "H. Peter Anvin" <hpa@...ux.intel.com>, "Yu, Fenghua" <fenghua.yu@...el.com>,
 "mingo@...nel.org" <mingo@...nel.org>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "tglx@...utronix.de" <tglx@...utronix.de>,
 "linux-tip-commits@...r.kernel.org" <linux-tip-commits@...r.kernel.org>,
 Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
 Stefano Stabellini <Stefano.Stabellini@...citrix.com>
Subject: Re: [tip:x86/microcode] x86/microcode_intel_early.c: Early update ucode on Intel's CPU

On Wed, Dec 19, 2012 at 03:22:13PM -0800, H. Peter Anvin wrote:

[ … ]

> Now, calming down a little bit, we are definitely dealing with BIOS
> engineers and so f*ckups are going to happen, again and again.

Yeppers.

> The only truly "safe" option is to limit early mappings to 4K pages.
> This is highly undesirable for a bunch of reasons. Reducing mapping
> granularity to 2M rather than 1G (what Yinghai is proposing) does reduce
> the exposure somewhat; it would be interesting to gather trap statistics
> and try to get a feel for if this actually changes the boot time
> measurably or not.

This is done on the BSP, right? So we can measure how long it takes by
taking TSC values of start and end.

> The other bit is that building the real kernel page tables iteratively
> (ignoring the early page tables here) is safer, since the real page
> table builder is fully aware of the memory map. This means any
> "spillover" from the early page tables gets minimized to regions where
> there are data objects that have to be accessed early.

That shouldn't be a "lot", relatively speaking.

> Since Yinghai already had iterative page table building working, I
> don't see any reason to not use that capability.
>
> Thoughts?

Sounds doable but we should take a hard look at the patches so that we
don't miss anything. Also, I don't know how stuff like that would be
approached for a wider testing - I mean, it is a serious change in x86
boot code and there will be issues.

Hmm.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--