| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 May 2016 09:42:20 -0300 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: Andi Kleen <andi@...stfloor.org>, x86@...nel.org Cc: linux-kernel@...r.kernel.org, Andi Kleen <ak@...ux.intel.com> Subject: Re: [PATCH] x86: Report Intel platform_id in /proc/cpuinfo On Thu, May 5, 2016, at 07:12, Andi Kleen wrote: > We have a need to distinguish systems based on their platform ID. > For example this is useful to distinguish systems with L4 cache > versus ones without. Thank you for doing this, it will be useful. > There is a 5 bit identifier (also called processor flags) in > the IA32_PLATFORM_ID MSR that can give a more fine grained > identification of the CPU than just the model number/stepping. There's a relevant typo, there. Suggestion: "There is a 3-bit identifier (bits 52:50, also called processor flags) in..." > IA32_PLATFORM_ID is architectural. > > The processor flags are already used in the microcode driver. > The MSR can be also accessed through /dev/cpu/*/msr, but that > requires root and is awkward. The existence of /dev/cpu/*/msr is actively dangerous, except maybe inside a VM when the hypervisor does whitelisted-only filtering of MSR access. That thing should either die ASAP, or to grow a processor vendor-family-model-aware whitelist. That said, the microcode-related platform ID bits (in microcode processor flags mask format) are available in sysfs when the microcode driver is loaded, at: /sys/devices/system/cpu/cpu*/microcode/processor_flags However, there is real value in exporting these values in /proc/cpuinfo (it will show up in the typical debugging output, and it will all be in one single place), so I *do* agree that we should add platform_id to /proc/cpuinfo on Intel. Do note we are still missing the real microcode signature, which *cannot* be fully derived from /proc/cpuinfo contents right now, even when you have the platform_id bits from MSR 17h, because it is missing some bits from cpuid(1).EAX. The last time one of these cpuid bits was not zero was, AFAIK, for the "Pentium Overdrive Processors"... but we now have Intel x86 SoCs, and I have seen the two "type" bits from cpuid(1).EAX refered as "SoC type" in at least one recent Intel document (sorry, I can't remember which), which leads me to believe they might see some reuse sooner or later. So, might also want to add a "processor signature" field, which is the full contents of EAX for cpuid(1). This would also shown on AMD processors for completeness. Alternatively, we could add a "microcode id" or "microcode signature" field for Intel instead of the proposed "platform_id" field. The microcode id field would have both the contents of cpuid(1).eax *and* "1 << MSR 17h [52:50]", e.g. "microcode_id: 0x106a5, 0x02". > This patch just exports the value retrieved by the microcode > driver in /proc/cpuinfo. If the microcode driver is disabled > it won't be shown, but that seems reasonable. Agreed. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Powered by blists - more mailing lists