lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Jun 2021 19:00:20 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     "Luck, Tony" <tony.luck@...el.com>
Cc:     Yazen Ghannam <yazen.ghannam@....com>,
        Smita Koralahalli <Smita.KoralahalliChannabasappa@....com>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        James Morse <james.morse@....com>,
        Robert Richter <rric@...nel.org>
Subject: Re: [PATCH] EDAC/Intel: Do not load EDAC driver when running as a
 guest

On Tue, Jun 15, 2021 at 09:45:25AM -0700, Luck, Tony wrote:
> There's little to no point in loading an EDAC driver running in a guest:
> 1) The CPU model reported by CPUID may not represent actual h/w
> 2) The hypervisor likely does not pass in access to memory controller devices
> 3) Hypervisors generally do not pass corrected error details to guests
> 
> Add a check in each of the Intel EDAC drivers for X86_FEATURE_HYPERVISOR
> and simply return -ENODEV in the init routine.
> 
> Signed-off-by: Tony Luck <tony.luck@...el.com>
> ---
>  drivers/edac/i10nm_base.c | 3 +++
>  drivers/edac/pnd2_edac.c  | 3 +++
>  drivers/edac/sb_edac.c    | 3 +++
>  drivers/edac/skx_base.c   | 3 +++
>  4 files changed, 12 insertions(+)

If you insist... I mean, those drivers won't load for other reasons but
sure.

> diff --git a/drivers/edac/i10nm_base.c b/drivers/edac/i10nm_base.c
> index 238a4ad1e526..fa08622ff2a8 100644
> --- a/drivers/edac/i10nm_base.c
> +++ b/drivers/edac/i10nm_base.c
> @@ -278,6 +278,9 @@ static int __init i10nm_init(void)
>  	if (owner && strncmp(owner, EDAC_MOD_STR, sizeof(EDAC_MOD_STR)))
>  		return -EBUSY;
>  
> +	if (boot_cpu_has(X86_FEATURE_HYPERVISOR))

Can you change that to cpu_feature_enabled() everywhere pls?

We're going to use that single API for checking CPU features from now on
and slowly move away from the others to simplify things.

With that changed you can add:

Acked-by: Borislav Petkov <bp@...e.de>

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ