lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87r1tor7yj.fsf@nanos.tec.linutronix.de>
Date:   Mon, 06 Jul 2020 17:15:00 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Sean Christopherson <sean.j.christopherson@...el.com>,
        Mihai Carabas <mihai.carabas@...cle.com>
Cc:     linux-kernel@...r.kernel.org, mingo@...hat.com, bp@...en8.de,
        x86@...nel.org, boris.ostrovsky@...cle.com, konrad.wilk@...cle.com
Subject: Re: [PATCH RFC 0/7] CPU feature evaluation after microcode late loading

Sean Christopherson <sean.j.christopherson@...el.com> writes:
> On Thu, Jul 02, 2020 at 06:18:20PM +0300, Mihai Carabas wrote:
>> This RFC patch set aims to provide the ability to re-evaluate all CPU
>> features and take proper bug mitigation in place after a microcode
>> late loading.
>> 
>> This was debated last year and this patch set implements a subset of
>> point #2 from Thomas Gleixner's idea:
>> https://lore.kernel.org/lkml/alpine.DEB.2.21.1909062237580.1902@nanos.tec.linutronix.de/

An incomplete and dangerous subset.

> KVM aside, it wouldn't surprise in the least if there is other code in the
> kernel that captures bug state locally.  This series feels like it needs a
> fair bit of infrastructure to either detect conflicting usage at build time
> or actively prevent consuming stale state at runtime.
>
> There's also the problem of the flags being exposed to userspace via
> /proc/cpuinfo, though I suppose that's userspace's problem to not shoot
> itself in the foot.

User space is the least of my worries. Inconsistent kernel state as I
described in my mail referenced above is the far more dangerous issue.

And just reevaluating some bits is not covering the whole
problem. Microcode can bring substantial changes and as long as we don't
have any clear advise and documentation from the vendors it's all
wishful thinking.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ