Message-Id: <20220813223825.3164861-1-ashok.raj@intel.com>
Date:   Sat, 13 Aug 2022 22:38:20 +0000
From:   Ashok Raj <ashok.raj@...el.com>
To:     Borislav Petkov <bp@...en8.de>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Tony Luck <tony.luck@...el.com>,
        Dave Hansen <dave.hansen@...el.com>,
        "LKML Mailing List" <linux-kernel@...r.kernel.org>,
        X86-kernel <x86@...nel.org>,
        Andy Lutomirski <luto@...capital.net>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ashok Raj <ashok.raj@...el.com>
Subject: [PATCH 0/5] Adding more robustness to microcode loading

Hi Boris and Thomas,

This is an attempt to move towards enabling late-load ON by default, and to
see if the taint flag can be removed after this patch series.

- Patch1: Documentation improvements (to tainted-kernels.rst and
  x86/microcode.rst).
- Patch2: (Intel) Fix in patch-match during an update left the old patch still in
  the list. This isn't necessary.
- Patch3: One key improvement is the addition of min_rev_id in the 
  microcode header.  This allows a way for CPU microcode to declare itself
  if this is suitable for late-loads.
- Patch4: Avoid any MCE's while a microcode update is in progress. This
  basically promotes any arriving MCE's to shutdown automatically.
- Patch5: Protect the secondary thread from entering NMI before a microcode
  update is complete in the primary thread.
  

Ashok Raj (5):
  x86/microcode: Add missing documentation that late-load will taint
    kernel
  x86/microcode/intel: Check against CPU signature before saving
    microcode
  x86/microcode/intel: Allow a late-load only if a min rev is specified
  x86/microcode: Avoid any chance of MCE's during microcode update
  x86/microcode: Handle NMI's during microcode update.

 Documentation/admin-guide/tainted-kernels.rst |  8 +-
 Documentation/x86/microcode.rst               | 95 +++++++++++++++++-
 arch/x86/include/asm/mce.h                    |  4 +
 arch/x86/include/asm/microcode_intel.h        |  4 +-
 arch/x86/kernel/cpu/mce/core.c                |  9 ++
 arch/x86/kernel/cpu/microcode/core.c          | 99 ++++++++++++++++++-
 arch/x86/kernel/cpu/microcode/intel.c         | 34 ++++++-
 7 files changed, 240 insertions(+), 13 deletions(-)

-- 
2.32.0
