lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c67bd324-cec0-4fe4-b3b1-fc1d1e4f2967@leemhuis.info>
Date:   Sun, 12 Nov 2023 16:03:32 +0100
From:   "Linux regression tracking (Thorsten Leemhuis)" 
        <regressions@...mhuis.info>
To:     lukas.bulwahn@...il.com
Cc:     bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org,
        mingo@...hat.com, tglx@...utronix.de, x86@...nel.org,
        Linux kernel regressions list <regressions@...ts.linux.dev>
Subject: [regression] microcode files missing in initramfs imgages from dracut
 (was Re: [PATCH] x86: Clean up remaining references to CONFIG_MICROCODE_AMD)

Hi Lukas!

> Commit e6bcfdd75d53 ("x86/microcode: Hide the config knob") removes config
> MICROCODE_AMD, but left some references that have no effect on any kernel
> build around.
> 
> Clean up those remaining config references. No functional change.
> [...]

That patch became 4d2b748305e96f ("x86/microcode: Remove remaining
references to CONFIG_MICROCODE_AMD"). Not totally sure, but from briefly
looking into things it seems likely that it causes a regression with
dracut that was just reported here:

https://bugzilla.kernel.org/show_bug.cgi?id=218136

As I understand it older dracut releases due to that change do not
include microcode files in the generated initramfs images anymore.
That's because dracut until the recent commit
https://github.com/dracutdevs/dracut/commit/6c80408c8644a0add1907b0593eb83f90d6247b1
looked for CONFIG_MICROCODE_AMD and CONFIG_MICROCODE_INTEL in the config
file to decide what to include or not.

The reporter noticed, as some diag app suddenly reported the system as
vulnerable to "gather data sampling" vulnerability. See the ticket for
details.

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)

P.S.: Note, you have to use bugzilla to reach the reporter, as I
sadly[1] can not CCed them in mails like this. Furthermore:

[TLDR for the rest of this mail: I'm adding this report to the list of
tracked Linux kernel regressions; the text you find below is based on a
few templates paragraphs you might have encountered already in similar
form.]

BTW, let me use this mail to also add the report to the list of tracked
regressions to ensure it's doesn't fall through the cracks:

#regzbot introduced: 4d2b748305e96f
https://bugzilla.kernel.org/show_bug.cgi?id=218136
#regzbot title: x86: microcode files missing in initramfs imgages from
dracut
#regzbot ignore-activity

This isn't a regression? This issue or a fix for it are already
discussed somewhere else? It was fixed already? You want to clarify when
the regression started to happen? Or point out I got the title or
something else totally wrong? Then just reply and tell me -- ideally
while also telling regzbot about it, as explained by the page listed in
the footer of this mail.

Developers: When fixing the issue, remember to add 'Link:' tags pointing
to the report (e.g. the buzgzilla ticket and maybe this mail as well, if
this thread sees some discussion). See page linked in footer for details.

[1] because bugzilla.kernel.org tells users upon registration their
"email address will never be displayed to logged out users"

--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
If I did something stupid, please tell me, as explained on that page.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ