Date:   Fri, 24 Nov 2023 09:49:27 +0100
From:   Antonio Feijoo <antonio.feijoo@...e.com>
To:     Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Linux regressions mailing list <regressions@...ts.linux.dev>,
        lukas.bulwahn@...il.com, dave.hansen@...ux.intel.com,
        hpa@...or.com, kernel-janitors@...r.kernel.org,
        linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
        x86@...nel.org
Subject: Re: [regression] microcode files missing in initramfs imgages from
 dracut (was Re: [PATCH] x86: Clean up remaining references to
 CONFIG_MICROCODE_AMD)

As a side note, complaints about this issue reached the kernel because most
distros out there didn't do their homework, as this patch has been merged
upstream since 6.6-rc1 was released. Fortunately, this problem does not break
the system boot.

As Linus said, the `check_kernel_config` stuff was implemented in 2014 and this
is not the only kernel config option that is being checked by dracut
(CONFIG_ACPI_TABLE_UPGRADE, CONFIG_ACPI_INITRD_TABLE_OVERRIDE, CONFIG_RD_ZSTD),
although I agree that it's fragile if something changes. But adding the
initramfs list in CC (like you did) would be enough to prepare a simple fix in time.

On 23/11/2023 12.20, Borislav Petkov wrote:
> Adding Antonio who did that last fix to dracut:
> 
> 6c80408c8644 ("fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL]")
> 
> On Wed, Nov 22, 2023 at 01:08:41PM -0800, Linus Torvalds wrote:
>> There are dracut command lines, like "--early-microcode" and
>> "--no-early-microcode", so people who really want to save space could
>> just force it that way. Doing the CONFIG_xyz check seems broken.
>>
>> But that's for the dracut people to worry about.
> 
> Yeah, I guess something like this below.
> 
> Antonio, how about something like the totally untested thing below?
> 
> dracut would simply always build in microcode - this is the majority of
> the setups anyway - and people who want to save space, do:
> 
> --no-early-microcode
> 
> ?

The only problem I see in your patch is that we should also remove the
`--early-microcode` option, and dracut will fail if someone passes an option
available since 2013 (5f2c30d9bcd614d546d5c55c6897e33f88b9ab90) that would not
be recognized now (and by failing, I mean it will not build an initramfs if an
unrecognized option is passed).

Please, submit it to https://github.com/dracutdevs/dracut, so more people can
see it and discuss it. Thank you.

> ---
> diff --git a/dracut.sh b/dracut.sh
> index 3b292910f324..c0a88b083f8e 100755
> --- a/dracut.sh
> +++ b/dracut.sh
> @@ -1561,20 +1561,16 @@ fi
>  
>  if [[ $early_microcode == yes ]]; then
>      if [[ $hostonly ]]; then
> -        if [[ $(get_cpu_vendor) == "AMD" || $(get_cpu_vendor) == "Intel" ]]; then
> -            check_kernel_config CONFIG_MICROCODE || unset early_microcode
> -        else
> +        if [[ $(get_cpu_vendor) != "AMD" && $(get_cpu_vendor) != "Intel" ]]; then
>              unset early_microcode
>          fi
> -    else
> -        ! check_kernel_config CONFIG_MICROCODE \
> -            && unset early_microcode
>      fi
> +
>      # Do not complain on non-x86 architectures as it makes no sense
>      case "${DRACUT_ARCH:-$(uname -m)}" in
>          x86_64 | i?86)
>              [[ $early_microcode != yes ]] \
> -                && dwarn "Disabling early microcode, because kernel does not support it. CONFIG_MICROCODE!=y"
> +                && dwarn "Disabling early microcode, unsupported configuration"
>              ;;
>          *) ;;
>      esac
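
Review bot: the replacement dwarn text in the `x86_64 | i?86)` branch, "Disabling early microcode, unsupported configuration", does not tell the user what is unsupported. In the lines shown, the only remaining path that unsets early_microcode is the hostonly case where get_cpu_vendor returns something other than "AMD" or "Intel", so the message could name the CPU vendor as the reason instead of a generic "configuration". The new condition also calls `$(get_cpu_vendor)` twice in one test; storing the result in a local variable once would avoid the second subshell and would let the warning print the detected vendor.
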
> 
> Thx.
> 

Best regards,

-- 
Antonio Álvarez Feijoo
System Boot and Init
SUSE
