lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200113154739.GB11244@42.do-not-panic.com>
Date:   Mon, 13 Jan 2020 15:47:39 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Jari Ruusu <jari.ruusu@...il.com>
Cc:     Borislav Petkov <bp@...en8.de>, Fenghua Yu <fenghua.yu@...el.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        johannes.berg@...el.com, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: Fix built-in early-load Intel microcode alignment

On Sun, Jan 12, 2020 at 03:00:53PM +0200, Jari Ruusu wrote:
> Intel Software Developer's Manual, volume 3, chapter 9.11.6 says:
> "Note that the microcode update must be aligned on a 16-byte
> boundary and the size of the microcode update must be 1-KByte
> granular"
> 
> When early-load Intel microcode is loaded from initramfs,
> userspace tool 'iucode_tool' has already 16-byte aligned those
> microcode bits in that initramfs image. Image that was created
> something like this:
> 
>  iucode_tool --write-earlyfw=FOO.cpio microcode-files...
> 
> However, when early-load Intel microcode is loaded from built-in
> firmware BLOB using CONFIG_EXTRA_FIRMWARE= kernel config option,
> that 16-byte alignment is not guaranteed.

Thanks for the patch!

So what happens with you use the built-in firmware loader for
the Intel microcode at this time? I am surprised this issue
wasn't reported earlier, so thanks for picking it up, but to
be complete such a change requires a bit more information.

What exactly happens now?

> Fix this by forcing all built-in firmware BLOBs to 16-byte
> alignment.

That's a huge stretch, see below.

> Signed-off-by: Jari Ruusu <jari.ruusu@...il.com>
> 
> --- a/drivers/base/firmware_loader/builtin/Makefile
> +++ b/drivers/base/firmware_loader/builtin/Makefile
> @@ -17,7 +17,7 @@
>  filechk_fwbin = \
>  	echo "/* Generated by $(src)/Makefile */"		;\
>  	echo "    .section .rodata"				;\
> -	echo "    .p2align $(ASM_ALIGN)"			;\
> +	echo "    .p2align 4"					;\

You are forcing 16 byte alignment to *all* built-in firmware, and some
architectures may have a different requirement. If things used to work
with ASM_ALIGN which is a construct only used for this code, but your
change fixes it with Intel microcode loading -- it however *may* break
things for other built-in firmware used. In particular if you note above
it used to align things to 2^3 so 8 bytes if on CONFIG_64BIT, otherwise
things get aligned to 2^2 so 4 bytes.

So I'd like to determine first if we really need this. Then if so,
either add a new global config option, and worst comes to worst
figure out a way to do it per driver. I don't think we'd need it
per driver.

If set as a global new config option, we can use the same logic and
allow an architecture override if the user / architecture kconfig
configures it such:

config ARCH_DEFAULT_FIRMWARE_ALIGNMENT
	string "Default architecture firmware aligmnent"
	"4" if 64BIT
	"3" if !64BIT

config FIRMWARE_BUILTIN_ALIGN
	string "Built in firmware aligment requirement"
	default ARCH_DEFAULT_FIRMWARE_ALIGNMENT if !ARCH_CUSTOM_FIRMWARE_ALIGNMENT
	default ARCH_CUSTOM_FIRMWARE_ALIGNMENT_VAL if ARCH_CUSTOM_FIRMWARE_ALIGNMENT
	  Some good description goes here

Or something like that.

 Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ