lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 02 Mar 2022 13:18:37 -0800
From:   "Andy Lutomirski" <luto@...nel.org>
To:     "Tony Luck" <tony.luck@...el.com>
Cc:     "Jithu Joseph" <jithu.joseph@...el.com>, hdegoede@...hat.com,
        markgross@...nel.org, "Thomas Gleixner" <tglx@...utronix.de>,
        "Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
        "Dave Hansen" <dave.hansen@...ux.intel.com>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        "Jonathan Corbet" <corbet@....net>,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
        "Andy Shevchenko" <andriy.shevchenko@...ux.intel.com>,
        "Raj Ashok" <ashok.raj@...el.com>,
        "Steven Rostedt" <rostedt@...dmis.org>,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
        linux-doc@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        patches@...ts.linux.dev,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>
Subject: Re: [RFC 00/10] Introduce In Field Scan driver



On Wed, Mar 2, 2022, at 12:29 PM, Luck, Tony wrote:
> On Wed, Mar 02, 2022 at 05:59:59AM -0800, Andy Lutomirski wrote:
>> > /sys/devices/system/cpu/ifs/reload
>> >   Writing "1" to this file will reload the tests from
>> >   /lib/firmware/intel/ifs/{ff-mm-ss}.scan
>> 
>> IMO this interface is wrong.  /lib/firmware is for firmware (or
>> ucode, etc) files that should be provided by a distribution and loaded,
>> as needed, by a driver so the hardware can function.  This is not at
>> all what IFS does. For IFS, an administrator wants to run a specific
>> test, and the test blob is part of the instruction to run the test.
>> The distribution should not be involved, and this should work even on
>> systems where /lib/firmware is immutable.
>
> "so the hardware can function"
>
> Data center customers want to know which aging systems in their
> data centers are not functioning correctly. So this is not just
> a random test that people might run when they suspect they have
> a problem. It is expected that every core will run this test
> periodically (period dependent on paranoia level of the system
> owner ... maybe daily ... perhaps even more often).
>
> This is so that the data centre can function.
>

How does this work?  Is there an Intel IFS blob v1.17 that is expected to be *the* blob for a given CPU until an update happens?  Or is the expectation that several different blobs might all useful on the same system and operators might want to run different blobs under different circumstances?

>> 
>> So either the blob should be written to a file in sysfs or it should
>> be supplied by write or ioctl to a device node.
>
> I don't see the drive to create a new mechanism for the kernel
> to load from a file when the firmware loader already exists.
>
> If the problem is just immuatbility of /lib ... then make
> an immutable symlink from /lib/firmware/intel/ifs to some
> other place in the file system (which is what some OS
> vendors already do for microcode).
>
> -Tony

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ