lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150426192756.17cb5540@netblarch.fritz.box>
Date:	Sun, 26 Apr 2015 19:27:56 +0200
From:	Alexander Hirsch <1zeeky@...il.com>
To:	Borislav Petkov <bp@...en8.de>
Cc:	linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH] x86/microcode: Allow early loading without initrd

On Sun, 26 Apr 2015 18:16:09 +0200
Borislav Petkov <bp@...en8.de> wrote:

> 
> Yeah, it is removed but it adds a bunch of ugly ifdeffery which makes
> the code even more unreadable than it is :-\
> 

I wasn't to happy about the nested ifdefs either, but given my inexperience in the kernel code I didn't want to push things around too much.
It should be possible to better hide the X86_32 pointer wizardry in a macro, but I wouldn't trust myself submitting patches for code I didn't run. Perhaps I should and just ask for testers.

> 
> In the future, please CC me on microcode loader patches.
> 

Will do.

> 
> * why do you even bother - BLK_DEV_INITRD gets enabled on all distro
> kernels and almost everything running Linux so why bother? Or do you
> have a special use case which doesn't want BLK_DEV_INITRD. I'd be
> interested to hear about it.
> 

I trimmed my kernel config down to what I need, think I need or don't trust myself to know if I can disable it.
There is nothing actually hindering me from using an initrd, so this patch, at least for me personally, does not have a high priority to become mainlined. It still would be nice of course.

I had some segfaults due to the broken lock elision features of my CPU and found out that built-in microcode isn't considered (in the stable kernel).
When I saw your patch for loading built-in microcode I simply thought that this would allow me to have early microcode patching without the need of an initrd.

Boot-time might be improved by this and of course a few bytes are saved, but all in all probably not noteworthy. I did it, because (I thought) I can.

> * the early loader was done with initrd in mind and it was/still is its
> main source for microcode blobs early in the boot. So if we want to
> make it not-mandatory, then the driver needs to be reorganized so that
> builtin blobs and initrd blobs loading paths are cleanly untangled. The
> ifdeffery thing might work now but is certainly not future-proof so it
> would need to be designed in a cleaner way.
> 
> Perhaps something like a microcode cache of patches the AMD loader has,
> all decoupled from the loading paths or so... I don't have a good idea
> right now. I'll have to think about it.
> 

It seems logical that the code was written with initrd in mind for early boot.

What would be the downside of a microcode cache?
I didn't follow the whole flow of how the CPUs get to their microcode patches, but I thought the mc_saved* stuff did caching of the microcode, since scan_microcode, the only user of load_builtin_intel_microcode, is only called for the BSP and the other cores thus seem to get it from somewhere else.

Thanks,
Alexander Hirsch
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ