lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YellN/3VCasDI3OD@zn.tnic>
Date:   Thu, 20 Jan 2022 14:35:51 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Tony Luck <tony.luck@...el.com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Smita Koralahalli Channabasappa 
        <smita.koralahallichannabasappa@....com>,
        Wei Huang <wei.huang2@....com>,
        Tom Lendacky <thomas.lendacky@....com>, patches@...ts.linux.dev
Subject: Re: [PATCH 5/5] x86/sysfs: Add PPIN in sysfs under cpu topology

On Fri, Jan 07, 2022 at 02:54:42PM -0800, Tony Luck wrote:
> PPIN is the Protected Processor Identification Number.
> This is used to identify the socket as a Field Replaceable Unit (FRU).
> 
> Existing code only displays this when reporting errors. But this makes
> it inconvenient for large clusters to use it for its intended purpose
> of inventory control.

Do you have any concrete use cases you can cite here or this is one of
those: "let's make it available and see who'll use it" thing?

Because defeaturing a user-visible thing later is always a pain.

> There are several privacy concerns associated with a unique
> platform identifier. But making the PPIN available shouldn't
> change anything important. Notes:
> 
> 1) The PPIN is only enabled on server CPUs (E.g. Intel Xeon
> "-E5", "-E7" and "-SP" parts).

Can't use that as an argument - that can easily change in the future.

> 2) The PPIN MSR is may be implemented on some desktop/laptop parts.

s/is //

> But this is for OEM inventory control. Production BIOS versions
> leave the PPIN_CTL MSR in the "locked disabled" mode.

That either. Never let the BIOS do your work for you. :-)

> 3) There may be a BIOS option to lock the MSR in disabled mode
> to prevent Linux from reading it.
> 
> 4) The /sys file added here is readable only by "root".

Yap, that's the argument: your patch simply makes what is already
accessible to root through rdmsr in a more user-friendly way.

> Signed-off-by: Tony Luck <tony.luck@...el.com>
> ---
>  Documentation/ABI/stable/sysfs-devices-system-cpu  | 4 ++++
>  Documentation/ABI/testing/sysfs-devices-system-cpu | 6 ++++++
>  arch/x86/include/asm/topology.h                    | 1 +
>  drivers/base/topology.c                            | 4 ++++
>  include/linux/topology.h                           | 3 +++
>  5 files changed, 18 insertions(+)

> diff --git a/drivers/base/topology.c b/drivers/base/topology.c
> index 793c592e533a..4c8674715d36 100644
> --- a/drivers/base/topology.c
> +++ b/drivers/base/topology.c
> @@ -54,6 +54,9 @@ static DEVICE_ATTR_RO(cluster_id);
>  define_id_show_func(core_id, "%d");
>  static DEVICE_ATTR_RO(core_id);
>  
> +define_id_show_func(ppin, "%llx");

			     "0x%llx"

Otherwise it is ambiguous.

> diff --git a/arch/x86/include/asm/topology.h b/arch/x86/include/asm/topology.h
> index cc164777e661..caba7db8c7b6 100644
> --- a/arch/x86/include/asm/topology.h
> +++ b/arch/x86/include/asm/topology.h
> @@ -110,6 +110,7 @@ extern const struct cpumask *cpu_clustergroup_mask(int cpu);
>  #define topology_logical_die_id(cpu)		(cpu_data(cpu).logical_die_id)
>  #define topology_die_id(cpu)			(cpu_data(cpu).cpu_die_id)
>  #define topology_core_id(cpu)			(cpu_data(cpu).cpu_core_id)
> +#define topology_ppin(cpu)			(cpu_data(cpu).ppin)

That looks unused. No need to add it.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ