| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161120193442.GA1145@khazad-dum.debian.net>
Date: Sun, 20 Nov 2016 17:34:43 -0200
From: Henrique de Moraes Holschuh <hmh@....eng.br>
To: Borislav Petkov <bp@...en8.de>
Cc: Andy Lutomirski <luto@...capital.net>,
Matthew Whitehead <tedheadster@...il.com>,
Brian Gerst <brgerst@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
X86 ML <x86@...nel.org>
Subject: Re: [PATCH] x86/boot: Fail the boot if !M486 and CPUID is missing
On Sun, 20 Nov 2016, Borislav Petkov wrote:
> We will have set (or not) the X86_FEATURE_CPUID bit at
> early_identify_cpu() time. Looking at the code, we do call sync_core()
> pretty early. :-\
Hmm, watch out for the early microcode update driver for Intel
processors should something get changed in the implementation, or in the
behavior of sync_core().
That driver absolutely needs to issue a cpuid (with EAX = 1) before each
rdmsr(MSR_IA32_UCODE_REV). And it uses sync_core() calls to do it. A
CR2 access just won't do in this extremely specific case.
This kind of pitfall is why I wanted to replace all use of sync_core()
in arch/x86/kernel/cpu/microcode/intel.c with an explicit use of an
inconditional cpuid(eax = 1)...
(note: this protocol to read MSR_IA32_UCODE_REV was made an
architectural requirement a while ago -- it was once considered an
erratum workaround. It is documented in the "Intel 64 and IA‐32
Architectures Software Developer's Manual", Volume 3A: System
Programming Guide, Part 1, section 9.11).
--
Henrique Holschuh
Powered by blists - more mailing lists