| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52D96A32.5020801@amd.com> Date: Fri, 17 Jan 2014 11:36:50 -0600 From: Aravind Gopalakrishnan <aravind.gopalakrishnan@....com> To: Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com> CC: Henrique de Moraes Holschuh <hmh@....eng.br>, X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>, Kim Naru <kim.naru@....com>, Sherry Hurwitz <sherry.hurwitz@....com> Subject: Re: [PATCH] x86, CPU, AMD: Add workaround for family 16h, erratum 793 On 1/17/2014 11:02 AM, Borislav Petkov wrote: > On Fri, Jan 17, 2014 at 08:23:24AM -0800, H. Peter Anvin wrote: >> Actually I by and large disagree with that. There is a limit, of >> course, but when it comes to flipping an MSR in init code, the bar is >> pretty darn low. We have quirks for all kind of hardware, and this is >> just another example. > No, you don't. :-) > > You would much prefer to have the workaround done in the BIOS and only > if there's a coverage hole, only then to do it in the kernel. > > I'm not saying we shouldn't do it in the kernel per se - I'm saying we > should do it only when really necessary. And it doesn't hurt to talk > about it first before inviting in all fixes for all errata for all > families of all vendors. No, you don't want that, believe me. :-) Right, so the chip goes into multiple platforms (server,desktop..) and this Erratum affects all platforms the chip fits in.. Also, the problem is that we can't be certain how many systems in the field carry BIOSes with the fix for this. Therefore, it is better to insulate ourselves than trust BIOS to do the right thing.. > >> The effort of a kernel update is much lower, especially since the >> kernel is generally automatically updated. > Does that even matter? I think what matters is whether we reboot or not, > i.e. HA crap. If we have to reboot, we might just as well flash the BIOS > - it takes almost as long. True, but isn't the case that it's more *likely* for sys admins to resort to updating kernels than program new BIOS? The alternative would be to update microcode, but there is no microcode patch file for this family yet on linux-firmware.. I've got a patch worked up for this anyway; Sending it as separate mail.. Thanks, Aravind. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists