| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yv0D88jxFkXcc18o@araj-dh-work>
Date: Wed, 17 Aug 2022 15:06:27 +0000
From: Ashok Raj <ashok.raj@...el.com>
To: Borislav Petkov <bp@...en8.de>
CC: Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"Tony Luck" <tony.luck@...el.com>,
Dave Hansen <dave.hansen@...el.com>,
"LKML Mailing List" <linux-kernel@...r.kernel.org>,
X86-kernel <x86@...nel.org>,
"Andy Lutomirski" <luto@...capital.net>,
Tom Lendacky <thomas.lendacky@....com>,
Jacon Jun Pan <jacob.jun.pan@...el.com>,
Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH v3 3/5] x86/microcode: Avoid any chance of MCE's during
microcode update
On Wed, Aug 17, 2022 at 04:19:40PM +0200, Borislav Petkov wrote:
> On Wed, Aug 17, 2022 at 12:30:49PM +0000, Ashok Raj wrote:
> > You will find out when system returns after reboot and hopefully wasn't
> > promoted to a cold-boot which will loose MCE banks.
>
> Not good enough!
I probably misread your question.. are you suggesting we add some WARN when
we initiate late_load? I thought you were asking if the HW must signal
something and OS should log when an MCE happens if MCIP=1
>
> This should issue a warning in dmesg that a potential MCE while update
> is running would cause a lockup. That is if we don't disable MCE around
> it.
>
> If we decide to disable MCE, it should say shutdown.
Ok, that clarifies it.. "IF we choose to set MCIP=1, we should tell users
that hell can break loose, get under the table" :-)
>
> > Meaning deal with the effect of a really rare MCE. Rather than trying to
> > avoid it. Taking the MCE is more important than finishing the update,
> > and loosing what the error signaled was trying to convey.
>
> Right now I'm inclined to not do anything and warn of a potential rare
> situation.
Encouraging.. So I'll drop that patch from the list next time around.
>
> > > > Shutdown, shutdown.. There is only 1 MCE no matter how many CPUs you have.
> > >
> > > Because all CPUs are executing the loop? Or how do you decide this?
> >
> > Fatal errors signaled with PCC=1 in the MCAx.STATUS is *ALWAYS*
>
> What does that have to do with
>
> "There is only 1 MCE no matter how many CPUs you have."
>
> ?
>
> That's bullsh*t. Especially if the machine can do LMCE.
Well, not outlandish :)
LMCE is only for recoverable errors. When we have a fatal error, sometimes
the signalling and consumption of poison are going in different directions.
In order to minimize exposure of bad data from being consumed,
*ALL* Intel processors have always broadcast fatal errors. This is the
history behind why we broadcast.
BTW: This is all legacy behavior. Nothing should come as surprise.
LMCE is best effort. This is the current state.
Cheers,
Ashok
Powered by blists - more mailing lists