lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 5 Sep 2019 23:22:31 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     "Raj, Ashok" <ashok.raj@...el.com>
cc:     Borislav Petkov <bp@...en8.de>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Mihai Carabas <mihai.carabas@...cle.com>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Jon Grimm <Jon.Grimm@....com>, kanth.ghatraju@...cle.com,
        konrad.wilk@...cle.com, patrick.colp@...cle.com,
        Tom Lendacky <thomas.lendacky@....com>,
        x86-ml <x86@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/microcode: Add an option to reload microcode even
 if revision is unchanged

Raj,

On Thu, 5 Sep 2019, Raj, Ashok wrote:
> On Thu, Sep 05, 2019 at 09:20:29AM +0200, Borislav Petkov wrote:
> > On Wed, Sep 04, 2019 at 05:21:32PM -0700, Raj, Ashok wrote:
> > > But echo 2 > reload would allow reading a microcode file from 
> > > /lib/firmware/intel-ucode/ even if the revision hasn't changed right?
> > > 
> > > #echo 1 > reload wouldn't load if the revision on disk is same as what's loaded,
> > > and we want to permit that with the echo 2 option.
> > 
> > Then before we continue with this, please specify what the exact
> > requirements are. Talk to your microcoders or whoever is going to use
> > this and give the exact use cases which should be supported and describe
> > them in detail.
> 
> https://lore.kernel.org/lkml/1567056803-6640-1-git-send-email-ashok.raj@intel.com/
> 
> The original description said to load a new microcode file, the content
> could have changed, but revision in the header hasn't increased. 
> 
> The other rules are same, i.e we can't go backwards. There is another
> SVN (Security version number) embedded in the microcode which won't allow
> going backwards anyway. 
> 
> I'll get back to you if there are additional uses, but allowing the facility to 
> actually read the file achieves the same purpose as using the in-kernel copy.
> 
> I have used it multiple times during development :-)

That's all nice, but what it the general use case for this outside of Intel's
microcode development and testing?

We all know that late microcode loading has severe limitations and we
really don't want to proliferate that further if not absolutely required
for something which needs this in a place which cannot deal with out of
tree patches or have some special kernel package for that purpose
installed. Intel's microcode devel/testing does not qualify obviously.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ