| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161216094326.bnkr5a2k3njmdeyi@pd.tnic>
Date: Fri, 16 Dec 2016 10:43:26 +0100
From: Borislav Petkov <bp@...e.de>
To: Juergen Gross <jgross@...e.com>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
xen-devel <xen-devel@...ts.xenproject.org>
Subject: Re: Can't boot as Xen dom0 due to commit fe055896
On Fri, Dec 16, 2016 at 10:20:42AM +0100, Juergen Gross wrote:
> Without testing, but I doubt it is working. As pv guests aren't coming
> through check_loader_disabled_bsp() at all I can't see why your patch
> would work for dom0.
Do they go through check_loader_disabled_ap() ?
> Additionally I don't think you want to call native_cpuid() if
> have_cpuid_p() returns false.
Good point, fixed.
> So I think you want a generic "platform_allows_ucode_load()"
> function checking for support of cpuid and virtualization. This
> function should be called both in check_loader_disabled_bsp() and
> check_loader_disabled_ap() to bail out early.
See question above. If they go through check_loader_disabled_ap(),
then I'm inclined to set dis_ucode_ldr to true at build time and let
check_loader_disabled_bsp() set it to false on baremetal or if any of
the other checks pass.
If the pv guests run into check_loader_disabled_ap, then they'll see
dis_ucode_ldr true and return.
Ok?
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists