Date: Mon, 4 Feb 2019 14:14:30 -0800
From: Fenghua Yu <fenghua.yu@...el.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Dave Hansen <dave.hansen@...el.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, H Peter Anvin <hpa@...or.com>, Ashok Raj <ashok.raj@...el.com>, Peter Zijlstra <peterz@...radead.org>, Michael Chan <michael.chan@...adcom.com>, Ravi V Shankar <ravi.v.shankar@...el.com>, Ricardo Neri <ricardo.neri@...el.com>, linux-kernel <linux-kernel@...r.kernel.org>, x86 <x86@...nel.org>
Subject: Re: [PATCH v3 08/10] x86/setcpuid: Add kernel option setcpuid

On Mon, Feb 04, 2019 at 10:40:45PM +0100, Borislav Petkov wrote:
> On Mon, Feb 04, 2019 at 12:46:30PM -0800, Dave Hansen wrote:
> > Intel can obviously add or remove enumeration for a feature after
> > silicon ships. But, that eats up microcode "patch" space which is an
> > even more valuable resource than the microcode "ROM" space. That patch
> > space is a very constrained resource when creating things like the
> > side-channel mitigations. The way I read this situation is that this
> > feature fills a bit small of a niche to justify consuming patch space.
>
> Yap, makes sense. I've heard that argumentation before, btw.
>
> > So, the compromise we reached in this case is that Intel will fully
> > document the future silicon architecture, and then write the kernel
> > implementation to _that_.
>
> Yap.
>
> > Then, for the weirdo deployments where this feature is not enumerated,
> > we have the setcpuid= to fake the enumeration in software.
> >
> > The reason I'm pushing for setcpuid= instead of a one-off is that I
> > don't expect this to be the last time Intel does this. I'd rather have
> > one setcpuid= than a hundred things like "ac_split_lock_disable".
>
> So my only issue with this is the user having to type this in in order
> to get the feature.

With "setcpuid=", there is no additional code to add as long as
enumeration code is available.

>
> VS
>
> automatically enabling it during boot in early_init_intel() or so. No
> need for any user intervention. It'll be just like a forgotten CPUID bit
> and we've done those before.

Every time a new feature like this case, the early_init_intel() needs to
be changed for FMS etc. I guess that's a reason we want to use
"setcpuid=" to deal with different cases without changing code.

Thanks.

-Fenghua