lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 17 Jan 2014 11:36:50 -0600
From:	Aravind Gopalakrishnan <aravind.gopalakrishnan@....com>
To:	Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>
CC:	Henrique de Moraes Holschuh <hmh@....eng.br>,
	X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
	Kim Naru <kim.naru@....com>,
	Sherry Hurwitz <sherry.hurwitz@....com>
Subject: Re: [PATCH] x86, CPU, AMD: Add workaround for family 16h, erratum
 793

On 1/17/2014 11:02 AM, Borislav Petkov wrote:
> On Fri, Jan 17, 2014 at 08:23:24AM -0800, H. Peter Anvin wrote:
>> Actually I by and large disagree with that. There is a limit, of
>> course, but when it comes to flipping an MSR in init code, the bar is
>> pretty darn low. We have quirks for all kind of hardware, and this is
>> just another example.
> No, you don't. :-)
>
> You would much prefer to have the workaround done in the BIOS and only
> if there's a coverage hole, only then to do it in the kernel.
>
> I'm not saying we shouldn't do it in the kernel per se - I'm saying we
> should do it only when really necessary. And it doesn't hurt to talk
> about it first before inviting in all fixes for all errata for all
> families of all vendors. No, you don't want that, believe me. :-)

Right, so the chip goes into multiple platforms (server,desktop..) and 
this Erratum affects all platforms the chip fits in..
Also, the problem is that we can't be certain how many systems in the 
field carry BIOSes with the fix for this. Therefore,
it is better to insulate ourselves than trust BIOS to do the right thing..

>
>> The effort of a kernel update is much lower, especially since the
>> kernel is generally automatically updated.
> Does that even matter? I think what matters is whether we reboot or not,
> i.e. HA crap. If we have to reboot, we might just as well flash the BIOS
> - it takes almost as long.

True, but isn't the case that it's more *likely* for sys admins to 
resort to updating kernels than program new BIOS?
The alternative would be to update microcode, but there is no microcode 
patch file for this family yet on linux-firmware..

I've got a patch worked up for this anyway; Sending it as separate mail..

Thanks,
Aravind.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ