lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 4 Feb 2019 14:14:30 -0800
From:   Fenghua Yu <fenghua.yu@...el.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Dave Hansen <dave.hansen@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, H Peter Anvin <hpa@...or.com>,
        Ashok Raj <ashok.raj@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Michael Chan <michael.chan@...adcom.com>,
        Ravi V Shankar <ravi.v.shankar@...el.com>,
        Ricardo Neri <ricardo.neri@...el.com>,
        linux-kernel <linux-kernel@...r.kernel.org>, x86 <x86@...nel.org>
Subject: Re: [PATCH v3 08/10] x86/setcpuid: Add kernel option setcpuid

On Mon, Feb 04, 2019 at 10:40:45PM +0100, Borislav Petkov wrote:
> On Mon, Feb 04, 2019 at 12:46:30PM -0800, Dave Hansen wrote:
> > Intel can obviously add or remove enumeration for a feature after
> > silicon ships.  But, that eats up microcode "patch" space which is an
> > even more valuable resource than the microcode "ROM" space.  That patch
> > space is a very constrained resource when creating things like the
> > side-channel mitigations.  The way I read this situation is that this
> > feature fills a bit small of a niche to justify consuming patch space.
> 
> Yap, makes sense. I've heard that argumentation before, btw.
> 
> > So, the compromise we reached in this case is that Intel will fully
> > document the future silicon architecture, and then write the kernel
> > implementation to _that_.
> 
> Yap.
> 
> > Then, for the weirdo deployments where this feature is not enumerated,
> > we have the setcpuid= to fake the enumeration in software.
> >
> > The reason I'm pushing for setcpuid= instead of a one-off is that I
> > don't expect this to be the last time Intel does this. I'd rather have
> > one setcpuid= than a hundred things like "ac_split_lock_disable".
> 
> So my only issue with this is the user having to type this in in order
> to get the feature.

With "setcpuid=", there is no additional code to add as long as
enumeration code is available.

> 
> VS
> 
> automatically enabling it during boot in early_init_intel() or so. No
> need for any user intervention. It'll be just like a forgotten CPUID bit
> and we've done those before.

Every time a new feature like this case, the early_init_intel() needs
to be changed for FMS etc.

I guess that's a reason we want to use "setcpuid=" to deal with different
cases withou changing code.

Thanks.

-Fenghua

Powered by blists - more mailing lists