lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <37c027ee-c6af-2aa2-364b-ed3dcdf8d966@suse.com>
Date:   Fri, 16 Dec 2016 13:15:56 +0100
From:   Juergen Gross <jgross@...e.com>
To:     Borislav Petkov <bp@...e.de>
Cc:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        xen-devel <xen-devel@...ts.xenproject.org>
Subject: Re: Can't boot as Xen dom0 due to commit fe055896

On 16/12/16 11:45, Borislav Petkov wrote:
> On Fri, Dec 16, 2016 at 11:00:29AM +0100, Juergen Gross wrote:
>> Should work. I'm happy to test any patch. :-)
> 
> I'm happy that you're happy to! :-)

That makes me happy. :-D

> Let's try this below.

Okay. Results:

Xen HVM domain is working.
Xen dom0 is working.
Bare metal is working, microcode has been loaded.

So you can add my:

Tested-by: Juergen Gross <jgross@...e.com>
Acked-by: Juergen Gross <jgross@...e.com>


Juergen

> 
> Thanks!
> 
> ---
> diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
> index 6996413c78c3..c4bb2f7169f6 100644
> --- a/arch/x86/kernel/cpu/microcode/core.c
> +++ b/arch/x86/kernel/cpu/microcode/core.c
> @@ -44,7 +44,7 @@
>  #define DRIVER_VERSION	"2.2"
>  
>  static struct microcode_ops	*microcode_ops;
> -static bool dis_ucode_ldr;
> +static bool dis_ucode_ldr = true;
>  
>  LIST_HEAD(microcode_cache);
>  
> @@ -76,6 +76,7 @@ struct cpu_info_ctx {
>  static bool __init check_loader_disabled_bsp(void)
>  {
>  	static const char *__dis_opt_str = "dis_ucode_ldr";
> +	u32 a, b, c, d;
>  
>  #ifdef CONFIG_X86_32
>  	const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
> @@ -88,8 +89,23 @@ static bool __init check_loader_disabled_bsp(void)
>  	bool *res = &dis_ucode_ldr;
>  #endif
>  
> -	if (cmdline_find_option_bool(cmdline, option))
> -		*res = true;
> +	if (!have_cpuid_p())
> +		return *res;
> +
> +	a = 1;
> +	c = 0;
> +	native_cpuid(&a, &b, &c, &d);
> +
> +	/*
> +	 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
> +	 * completely accurate as xen pv guests don't see that CPUID bit set but
> +	 * that's good enough as they don't land on the BSP path anyway.
> +	 */
> +	if (c & BIT(31))
> +		return *res;
> +
> +	if (cmdline_find_option_bool(cmdline, option) <= 0)
> +		*res = false;
>  
>  	return *res;
>  }
> @@ -121,9 +137,6 @@ void __init load_ucode_bsp(void)
>  	if (check_loader_disabled_bsp())
>  		return;
>  
> -	if (!have_cpuid_p())
> -		return;
> -
>  	vendor = x86_cpuid_vendor();
>  	family = x86_cpuid_family();
>  
> @@ -157,9 +170,6 @@ void load_ucode_ap(void)
>  	if (check_loader_disabled_ap())
>  		return;
>  
> -	if (!have_cpuid_p())
> -		return;
> -
>  	vendor = x86_cpuid_vendor();
>  	family = x86_cpuid_family();
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ