lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 Jan 2020 21:58:25 +0200
From:   Jari Ruusu <jari.ruusu@...il.com>
To:     Luis Chamberlain <mcgrof@...nel.org>
Cc:     Borislav Petkov <bp@...en8.de>, Fenghua Yu <fenghua.yu@...el.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        johannes.berg@...el.com, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: Fix built-in early-load Intel microcode alignment

On 1/13/20, Luis Chamberlain <mcgrof@...nel.org> wrote:
> So what happens with you use the built-in firmware loader for
> the Intel microcode at this time? I am surprised this issue
> wasn't reported earlier, so thanks for picking it up, but to
> be complete such a change requires a bit more information.
>
> What exactly happens now?

Before that 16-byte alignment patch was applied, my only one
microcode built-in BLOB was "accidentally" 16-byte aligned.

After that patch was applied, new kernel System.map file was
exactly same. So, for me that patch did not change anything.

Same 16-byte alignment before and after patch:

$  grep " _fw_.*_bin" System.map
ffffffff81f55e90 r _fw_intel_ucode_06_8e_09_bin

>> Fix this by forcing all built-in firmware BLOBs to 16-byte
>> alignment.
>
> That's a huge stretch, see below.

I understand and to some degree agree.

> So I'd like to determine first if we really need this.

We do need it. Violating Intel specs is not good. It may be that
some processor models require aligned and some accept less
aligned.

> If set as a global new config option, we can use the same logic and
> allow an architecture override if the user / architecture kconfig
> configures it such:
>
> config ARCH_DEFAULT_FIRMWARE_ALIGNMENT
> 	string "Default architecture firmware aligmnent"
> 	"4" if 64BIT
> 	"3" if !64BIT
>
> config FIRMWARE_BUILTIN_ALIGN
> 	string "Built in firmware aligment requirement"
> 	default ARCH_DEFAULT_FIRMWARE_ALIGNMENT if !ARCH_CUSTOM_FIRMWARE_ALIGNMENT
> 	default ARCH_CUSTOM_FIRMWARE_ALIGNMENT_VAL if
> ARCH_CUSTOM_FIRMWARE_ALIGNMENT
> 	  Some good description goes here
>
> Or something like that.

It doesn't have to user visible config option, only default align
changed when selected set of options are enabled.

My patch was intentionally minimal, without #ifdef spaghetti.

-- 
Jari Ruusu  4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD  ACDF F073 3C80 8132 F189

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ