lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1518115986-158190-1-git-send-email-ashok.raj@intel.com>
Date:   Thu,  8 Feb 2018 10:53:06 -0800
From:   Ashok Raj <ashok.raj@...el.com>
To:     ashok.raj@...el.com, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Greg KH <gregkh@...uxfoundation.org>
Subject: [PATCH] x86/microcode: Check if any new features are present after a microcode reload.

When microcode is loaded later after system boot, new microcode could enumerate
new features. It might not be possible to use these new features unless they are
loaded during early boot via initrd or from the BIOS in some cases.

This patch attempts to simply check if there are any differences in feature set
and warns user to use early microcode load before using the new features.

Suggested-by: Andi Kleen <andi.kleen@...el.com>
Signed-off-by: Ashok Raj <ashok.raj@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: David Woodhouse <dwmw@...zon.co.uk>
Cc: Arjan van de Ven <arjan@...ux.intel.com>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: Tony Luck <tony.luck@...el.com>
Cc: Tim Chen <tim.c.chen@...ux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Borislav Petkov <bp@...en8.de>
---
 arch/x86/kernel/cpu/microcode/intel.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index f7c55b0..0e07035 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -39,6 +39,7 @@
 #include <asm/tlbflush.h>
 #include <asm/setup.h>
 #include <asm/msr.h>
+#include "../kernel/cpu/cpu.h" /* get_cpu_cap() */
 
 static const char ucode_path[] = "kernel/x86/microcode/GenuineIntel.bin";
 
@@ -776,7 +777,7 @@ static int apply_microcode_intel(int cpu)
 {
 	struct microcode_intel *mc;
 	struct ucode_cpu_info *uci;
-	struct cpuinfo_x86 *c;
+	struct cpuinfo_x86 *c, new_cpuinfo;
 	static int prev_rev;
 	u32 rev;
 
@@ -804,17 +805,23 @@ static int apply_microcode_intel(int cpu)
 		return -1;
 	}
 
+	c = &cpu_data(cpu);
 	if (rev != prev_rev) {
 		pr_info("updated to revision 0x%x, date = %04x-%02x-%02x\n",
 			rev,
 			mc->hdr.date & 0xffff,
 			mc->hdr.date >> 24,
 			(mc->hdr.date >> 16) & 0xff);
+		memset(&new_cpuinfo, 0, sizeof (struct cpuinfo_x86));
+		get_cpu_cap(&new_cpuinfo);
+		if (memcmp(&c->x86_capability, &new_cpuinfo.x86_capability,
+			sizeof(new_cpuinfo.x86_capability))) {
+				pr_warn_once("New features found in loaded microcode, but will be ignored\n");
+				pr_warn_once("Please consider either early loading through initrd/built-in or a potential BIOS update.\n");
+		}
 		prev_rev = rev;
 	}
 
-	c = &cpu_data(cpu);
-
 	uci->cpu_sig.rev = rev;
 	c->microcode = rev;
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ