lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210320145546.GC3338@zn.tnic>
Date:   Sat, 20 Mar 2021 15:55:46 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     "Pontes, Otavio" <otavio.pontes@...el.com>
Cc:     "x86@...nel.org" <x86@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Raj, Ashok" <ashok.raj@...el.com>,
        "Luck, Tony" <tony.luck@...el.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] x86/microcode: Check for offline CPUs before
 checking for microcode update

On Fri, Mar 19, 2021 at 06:48:14PM +0000, Pontes, Otavio wrote:
> Turn off one core (2 threads)
> $ echo 0 > /sys/devices/system/cpu/cpu3/online
> $ echo 0 > /sys/devices/system/cpu/cpu1/online
> 
> Install the ucode fails because there's one core off
> $ cp intel-ucode/06-8e-09 /lib/firmware/intel-ucode/
> $ echo 1 > /sys/devices/system/cpu/microcode/reload
> bash: echo: write error: Invalid argument
> 
> Turn the core back on
> $ echo 1 > /sys/devices/system/cpu/cpu3/online
> $ echo 1 > /sys/devices/system/cpu/cpu1/online
> $ cat /proc/cpuinfo |grep microcode
> microcode : 0x30
> microcode : 0xde
> microcode : 0x30
> microcode : 0xde

Yeah, I'm looking at that check_online_cpus() thing and wondering why we
even need that:

0. So you have CPUs 1 and 3 offline.
1. We can update on the subset of cores which are online
2. If a core is offline and comes online, we have the hotplug notifier:

        cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
                                  mc_cpu_online, mc_cpu_down_prep);

which takes care of updating the microcode when that CPU comes online.

So unless your microcode folks don't come back with a real requirement
why all CPUs must absolutely be online for a late update, then the
proper fix is to get rid of check_online_cpus() altogether and update
what's online and the rest will get updated when they come online.

I know Ashok did:

commit 30ec26da9967d0d785abc24073129a34c3211777
Author: Ashok Raj <ashok.raj@...el.com>
Date:   Wed Feb 28 11:28:43 2018 +0100

    x86/microcode: Do not upload microcode if CPUs are offline

    Avoid loading microcode if any of the CPUs are offline, and issue a
    warning. Having different microcode revisions on the system at any time
    is outright dangerous.

but those cores are offlined so they're executing some idle routine...

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ