lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140117170213.GG8715@pd.tnic>
Date:	Fri, 17 Jan 2014 18:02:13 +0100
From:	Borislav Petkov <bp@...en8.de>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Henrique de Moraes Holschuh <hmh@....eng.br>,
	Aravind Gopalakrishnan <aravind.gopalakrishnan@....com>,
	X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
	Kim Naru <kim.naru@....com>,
	Sherry Hurwitz <sherry.hurwitz@....com>
Subject: Re: [PATCH] x86, CPU, AMD: Add workaround for family 16h, erratum 793

On Fri, Jan 17, 2014 at 08:23:24AM -0800, H. Peter Anvin wrote:
> Actually I by and large disagree with that. There is a limit, of
> course, but when it comes to flipping an MSR in init code, the bar is
> pretty darn low. We have quirks for all kind of hardware, and this is
> just another example.

No, you don't. :-)

You would much prefer to have the workaround done in the BIOS and only
if there's a coverage hole, only then to do it in the kernel.

I'm not saying we shouldn't do it in the kernel per se - I'm saying we
should do it only when really necessary. And it doesn't hurt to talk
about it first before inviting in all fixes for all errata for all
families of all vendors. No, you don't want that, believe me. :-)

> The effort of a kernel update is much lower, especially since the
> kernel is generally automatically updated.

Does that even matter? I think what matters is whether we reboot or not,
i.e. HA crap. If we have to reboot, we might just as well flash the BIOS
- it takes almost as long.

> It would be awesome if that was done for firmware, but in the absence
> of central distribution, arbitrary EOL sunsets, and a standard
> OS-driven firmware installer,

Oh, the brave new world of UEFI wants to address that - it is supposed
to flash the firmware from the OS. OEM vendors have their home grown
solutions already, as I'm sure you know.

> it just isn't going to happen widely Yes, that is a problem.

That definitely is a problem.

-- 
Regards/Gruss,
    Boris.

Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ