| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jan 2020 02:15:45 +0000
From: Luis Chamberlain <mcgrof@...nel.org>
To: Jari Ruusu <jari.ruusu@...il.com>
Cc: Borislav Petkov <bp@...en8.de>, Fenghua Yu <fenghua.yu@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
johannes.berg@...el.com, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, Hans de Goede <hdegoede@...hat.com>,
Andy Lutomirski <luto@...nel.org>
Subject: Re: Fix built-in early-load Intel microcode alignment
On Mon, Jan 13, 2020 at 09:58:25PM +0200, Jari Ruusu wrote:
> On 1/13/20, Luis Chamberlain <mcgrof@...nel.org> wrote:
> > So what happens with you use the built-in firmware loader for
> > the Intel microcode at this time? I am surprised this issue
> > wasn't reported earlier, so thanks for picking it up, but to
> > be complete such a change requires a bit more information.
> >
> > What exactly happens now?
>
> Before that 16-byte alignment patch was applied, my only one
> microcode built-in BLOB was "accidentally" 16-byte aligned.
How did it accidentially get 16-byte aligned?
Also, how do you *know* something is broken right now? I mean
you issued a patch for stable. I thought you hit a panic or
some issue while loading. If we are not sure this fixes a real
issue as of yet, I can't see the merit for propagating a fix
to stable.
> After that patch was applied, new kernel System.map file was
> exactly same. So, for me that patch did not change anything.
>
> Same 16-byte alignment before and after patch:
>
> $ grep " _fw_.*_bin" System.map
> ffffffff81f55e90 r _fw_intel_ucode_06_8e_09_bin
>
> >> Fix this by forcing all built-in firmware BLOBs to 16-byte
> >> alignment.
> >
> > That's a huge stretch, see below.
>
> I understand and to some degree agree.
>
> > So I'd like to determine first if we really need this.
>
> We do need it. Violating Intel specs is not good. It may be that
> some processor models require aligned and some accept less
> aligned.
Fair point. A fix to follow the spec is however different than to say
without it things don't work, and we need to propagate a fix to stable
kernels.
> > If set as a global new config option, we can use the same logic and
> > allow an architecture override if the user / architecture kconfig
> > configures it such:
> >
> > config ARCH_DEFAULT_FIRMWARE_ALIGNMENT
> > string "Default architecture firmware aligmnent"
> > "4" if 64BIT
> > "3" if !64BIT
> >
> > config FIRMWARE_BUILTIN_ALIGN
> > string "Built in firmware aligment requirement"
> > default ARCH_DEFAULT_FIRMWARE_ALIGNMENT if !ARCH_CUSTOM_FIRMWARE_ALIGNMENT
> > default ARCH_CUSTOM_FIRMWARE_ALIGNMENT_VAL if
> > ARCH_CUSTOM_FIRMWARE_ALIGNMENT
> > Some good description goes here
> >
> > Or something like that.
>
> It doesn't have to user visible config option, only default align
> changed when selected set of options are enabled.
Right, I didn't intend for it to be visible really. It was just an
example of kconfig magic how perhaps how to define this if we needed
something configurable per arch.
> My patch was intentionally minimal, without #ifdef spaghetti.
Thanks for it. We just need to dust it off a bit now.
Luis
Powered by blists - more mailing lists