| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20121219234012.GO24895@liondog.tnic>
Date: Thu, 20 Dec 2012 00:40:12 +0100
From: Borislav Petkov <bp@...en8.de>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Jacob Shin <jacob.shin@....com>, Yinghai Lu <yinghai@...nel.org>,
"H. Peter Anvin" <hpa@...ux.intel.com>,
"Yu, Fenghua" <fenghua.yu@...el.com>,
"mingo@...nel.org" <mingo@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"linux-tip-commits@...r.kernel.org"
<linux-tip-commits@...r.kernel.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Stefano Stabellini <Stefano.Stabellini@...citrix.com>
Subject: Re: [tip:x86/microcode] x86/microcode_intel_early.c: Early update
ucode on Intel's CPU
On Wed, Dec 19, 2012 at 03:22:13PM -0800, H. Peter Anvin wrote:
[ … ]
> Now, calming down a little bit, we are definitely dealing with BIOS
> engineers and so f*ckups are going to happen, again and again.
Yeppers.
> The only truly "safe" option is to limit early mappings to 4K pages.
> This is highly undesirable for a bunch of reasons. Reducing mapping
> granularity to 2M rather than 1G (what Yinghai is proposing) does reduce
> the exposure somewhat; it would be interesting to gather trap statistics
> and try to get a feel for if this actually changes the boot time
> measurably or not.
This is done on the BSP, right? So we can measure it how long it takes
by taking TSC values of start and end.
> The other bit is that building the real kernel page tables iteratively
> (ignoring the early page tables here) is safer, since the real page
> table builder is fully aware of the memory map. This means any
> "spillover" from the early page tables gets minimized to regions where
> there are data objects that have to be accessed early.
That shouldn't be a "lot", relatively speaking.
> Since Yinghai already had iterative page table building working, I
> don't see any reason to not use that capability.
>
> Thoughts?
Sounds doable but we should take a hard look at the patches so that we
don't miss anything.
Also, I don't know how stuff like that would be approached for a wider
testing - I mean, it is a serious change in x86 boot code and there will
be issues.
Hmm.
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists