| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YellN/3VCasDI3OD@zn.tnic>
Date: Thu, 20 Jan 2022 14:35:51 +0100
From: Borislav Petkov <bp@...en8.de>
To: Tony Luck <tony.luck@...el.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Smita Koralahalli Channabasappa
<smita.koralahallichannabasappa@....com>,
Wei Huang <wei.huang2@....com>,
Tom Lendacky <thomas.lendacky@....com>, patches@...ts.linux.dev
Subject: Re: [PATCH 5/5] x86/sysfs: Add PPIN in sysfs under cpu topology
On Fri, Jan 07, 2022 at 02:54:42PM -0800, Tony Luck wrote:
> PPIN is the Protected Processor Identification Number.
> This is used to identify the socket as a Field Replaceable Unit (FRU).
>
> Existing code only displays this when reporting errors. But this makes
> it inconvenient for large clusters to use it for its intended purpose
> of inventory control.
Do you have any concrete use cases you can cite here or this is one of
those: "let's make it available and see who'll use it" thing?
Because defeaturing a user-visible thing later is always a pain.
> There are several privacy concerns associated with a unique
> platform identifier. But making the PPIN available shouldn't
> change anything important. Notes:
>
> 1) The PPIN is only enabled on server CPUs (E.g. Intel Xeon
> "-E5", "-E7" and "-SP" parts).
Can't use that as an argument - that can easily change in the future.
> 2) The PPIN MSR is may be implemented on some desktop/laptop parts.
s/is //
> But this is for OEM inventory control. Production BIOS versions
> leave the PPIN_CTL MSR in the "locked disabled" mode.
That either. Never let the BIOS do your work for you. :-)
> 3) There may be a BIOS option to lock the MSR in disabled mode
> to prevent Linux from reading it.
>
> 4) The /sys file added here is readable only by "root".
Yap, that's the argument: your patch simply makes what is already
accessible to root through rdmsr in a more user-friendly way.
> Signed-off-by: Tony Luck <tony.luck@...el.com>
> ---
> Documentation/ABI/stable/sysfs-devices-system-cpu | 4 ++++
> Documentation/ABI/testing/sysfs-devices-system-cpu | 6 ++++++
> arch/x86/include/asm/topology.h | 1 +
> drivers/base/topology.c | 4 ++++
> include/linux/topology.h | 3 +++
> 5 files changed, 18 insertions(+)
> diff --git a/drivers/base/topology.c b/drivers/base/topology.c
> index 793c592e533a..4c8674715d36 100644
> --- a/drivers/base/topology.c
> +++ b/drivers/base/topology.c
> @@ -54,6 +54,9 @@ static DEVICE_ATTR_RO(cluster_id);
> define_id_show_func(core_id, "%d");
> static DEVICE_ATTR_RO(core_id);
>
> +define_id_show_func(ppin, "%llx");
"0x%llx"
Otherwise it is ambiguous.
> diff --git a/arch/x86/include/asm/topology.h b/arch/x86/include/asm/topology.h
> index cc164777e661..caba7db8c7b6 100644
> --- a/arch/x86/include/asm/topology.h
> +++ b/arch/x86/include/asm/topology.h
> @@ -110,6 +110,7 @@ extern const struct cpumask *cpu_clustergroup_mask(int cpu);
> #define topology_logical_die_id(cpu) (cpu_data(cpu).logical_die_id)
> #define topology_die_id(cpu) (cpu_data(cpu).cpu_die_id)
> #define topology_core_id(cpu) (cpu_data(cpu).cpu_core_id)
> +#define topology_ppin(cpu) (cpu_data(cpu).ppin)
That looks unused. No need to add it.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists