| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7ca8a9b9-e374-8052-6be3-d3eda78c891a@suse.com>
Date: Fri, 16 Dec 2016 11:00:29 +0100
From: Juergen Gross <jgross@...e.com>
To: Borislav Petkov <bp@...e.de>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
xen-devel <xen-devel@...ts.xenproject.org>
Subject: Re: Can't boot as Xen dom0 due to commit fe055896
On 16/12/16 10:43, Borislav Petkov wrote:
> On Fri, Dec 16, 2016 at 10:20:42AM +0100, Juergen Gross wrote:
>> Without testing, but I doubt it is working. As pv guests aren't coming
>> through check_loader_disabled_bsp() at all I can't see why your patch
>> would work for dom0.
>
> Do they go through check_loader_disabled_ap() ?
Yes.
>
>> Additionally I don't think you want to call native_cpuid() if
>> have_cpuid_p() returns false.
>
> Good point, fixed.
>
>> So I think you want a generic "platform_allows_ucode_load()"
>> function checking for support of cpuid and virtualization. This
>> function should be called both in check_loader_disabled_bsp() and
>> check_loader_disabled_ap() to bail out early.
>
> See question above. If they go through check_loader_disabled_ap(),
> then I'm inclined to set dis_ucode_ldr to true at build time and let
> check_loader_disabled_bsp() set it to false on baremetal or if any of
> the other checks pass.
>
> If the pv guests run into check_loader_disabled_ap, then they'll see
> dis_ucode_ldr true and return.
>
> Ok?
Should work. I'm happy to test any patch. :-)
Juergen
Powered by blists - more mailing lists