| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180228131156.i4y6la7besdflffd@khazad-dum.debian.net>
Date: Wed, 28 Feb 2018 10:11:56 -0300
From: Henrique de Moraes Holschuh <hmh@....eng.br>
To: Borislav Petkov <bp@...en8.de>
Cc: X86 ML <x86@...nel.org>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>,
Ashok Raj <ashok.raj@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 4/7] x86/microcode: Do not upload microcode if CPUs are
offline
On Wed, 28 Feb 2018, Borislav Petkov wrote:
> Avoid loading microcode if any of the CPUs are offline, and issue a
> warning. Having different microcode revisions on the system at any time
> is outright dangerous.
Even if we update that microcode during CPU early bring-up, before we
mark it on-line and start using it?
AFAIK, late-loading or not, this is what should happen in the current
code: APs that are brought up after a microcode update is loaded (either
by the early or late driver, it doesn't matter) will be always
*early-updated* to the new microcode.
Is it dangerous to have an offline core at an older microcode revision
than the online cores?
I am not against the patch, mind you, but I am curious about why it is
supposed to be dangerous if we're updating the CPUs before we start
using them *anyway*.
Also, if this is really dangerous, does it means safe CPU hotplug isn't
possible? AFAICT, the firmware would have to do it for us, but it
*doesn't* have the up-to-date microcode (*we* had to update it)...
--
Henrique Holschuh
Powered by blists - more mailing lists