lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon,  2 Oct 2023 13:59:34 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     x86@...nel.org, Borislav Petkov <bp@...en8.de>,
        "Chang S. Bae" <chang.seok.bae@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Nikolay Borisov <nik.borisov@...e.com>
Subject: [patch V4 00/30] x86/microcode: Cleanup and late loading enhancements

This is a follow up on:

  https://lore.kernel.org/lkml/20230912065249.695681286@linutronix.de

Late microcode loading is desired by enterprise users. Late loading is
problematic as it requires detailed knowledge about the change and an
analysis whether this change modifies something which is already in use by
the kernel. Large enterprise customers have engineering teams and access to
deep technical vendor support. The regular admin does not have such
resources, so the kernel has always tainted the kernel after late loading.

Intel recently added a new previously reserved field to the microcode
header which contains the minimal microcode revision which must be running
on the CPU to make the load safe. This field is 0 in all older microcode
revisions, which the kernel assumes to be unsafe. Minimal revision checking
can be enforced via Kconfig or kernel command line. It then refuses to load
an unsafe revision. The default loads unsafe revisions like before and
taints the kernel. If a safe revision is loaded the kernel is not tainted.

But that does not solve all other known problems with late loading:

    - Late loading on current Intel CPUs is unsafe vs. NMI when
      hyperthreading is enabled. If a NMI hits the secondary sibling while
      the primary loads the microcode, the machine can crash.

    - Soft offline SMT siblings which are playing dead with MWAIT can cause
      damage too when the microcode update modifies MWAIT. That's a
      realistic scenario in the context of 'nosmt' mitigations. :(

Neither the core code nor the Intel specific code handles any of this at all.

While trying to implement this, I stumbled over disfunctional, horribly
complex and redundant code, which I decided to clean up first so the new
functionality can be added on a clean slate.

So the series has several sections:

   1) Move the 32bit early loading after paging enable

   2) Cleanup of the Intel specific code

   3) Implementation of proper core control logic to handle the NMI safe
      requirements

   4) Support for minimal revision check in the core and the Intel specific
      parts.

Changes vs. V3:

  - Rebased on v6.6-rc1

  - Remove the early load magic which was required for physical address
    mode from the AMD code.

  - Address the review comments from Borislav, which is mostly naming,
    comments and change logs. No functional changes vs. v3

The series is also available from git:

   git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git ucode-v4

Thanks,

	tglx
---
 Documentation/admin-guide/kernel-parameters.txt |    5 
 arch/x86/Kconfig                                |   25 
 arch/x86/include/asm/apic.h                     |    5 
 arch/x86/include/asm/cpu.h                      |   20 
 arch/x86/include/asm/microcode.h                |   19 
 arch/x86/kernel/Makefile                        |    1 
 arch/x86/kernel/apic/apic_flat_64.c             |    2 
 arch/x86/kernel/apic/ipi.c                      |    8 
 arch/x86/kernel/apic/x2apic_cluster.c           |    1 
 arch/x86/kernel/apic/x2apic_phys.c              |    1 
 arch/x86/kernel/cpu/common.c                    |   12 
 arch/x86/kernel/cpu/microcode/amd.c             |  129 +---
 arch/x86/kernel/cpu/microcode/core.c            |  637 ++++++++++++++--------
 arch/x86/kernel/cpu/microcode/intel.c           |  682 +++++++-----------------
 arch/x86/kernel/cpu/microcode/internal.h        |   32 -
 arch/x86/kernel/head32.c                        |    6 
 arch/x86/kernel/head_32.S                       |   10 
 arch/x86/kernel/nmi.c                           |    9 
 arch/x86/kernel/smpboot.c                       |   12 
 drivers/platform/x86/intel/ifs/load.c           |    8 
 include/linux/cpuhotplug.h                      |    1 
 21 files changed, 788 insertions(+), 837 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ