| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yo5LAenZIsYmM9Ie@zn.tnic>
Date: Wed, 25 May 2022 17:28:01 +0200
From: Borislav Petkov <bp@...en8.de>
To: "Luck, Tony" <tony.luck@...el.com>
Cc: Peter Zijlstra <peterz@...radead.org>, X86 ML <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 3/3] x86/microcode: Taint and warn on late loading
On Wed, May 25, 2022 at 02:50:59PM +0000, Luck, Tony wrote:
> Are taint flags in such short supply that you couldn't create a new
> one?
Yes, they can be as many as there are letters in the english alphabet,
it seems:
struct taint_flag {
char c_true; /* character printed when tainted */
^^^^^^^^^^^^
and there are already
#define TAINT_FLAGS_COUNT 18
in use.
> The OUT_OF_SPEC one already seems to be used in some dubious
> ways:
> 1) Command line argument to clear a X86_FEATURES bit
> 2) Forcing PAE
> 3) Writing to an MSR not on the "approved" list
>
> As you add more ways to set this taint bit, it becomes less useful
> for debugging ...
Look at the other taint flags - they're set in a bunch of different
places so it is hard to unambiguously decide where the taint was set. If
we wanna use it for debugging, then the taint_flag struct above should
probably save the caller address which set the taint... or something to
that effect.
> since now you have to dig into which of the possible cases set the bit
> to decide whether it might have contributed to the OOPS.
So I'm still not convinced this should have a special taint flag.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists