| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAG48ez3FwbqaU+hP6cAZEGWdHDJdEMuDyqW7SiYrDFf+rOt=bA@mail.gmail.com>
Date: Wed, 6 Dec 2023 21:51:58 +0100
From: Jann Horn <jannh@...gle.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/microcode: Be more verbose, especially about loading errors
On Wed, Dec 6, 2023 at 9:32 PM Borislav Petkov <bp@...en8.de> wrote:
>
> On Wed, Dec 06, 2023 at 09:23:48PM +0100, Jann Horn wrote:
> > Well, yes, except that if no microcode blob is loaded, you're not
> > gonna have the errata fixes and/or security mitigations that you might
> > expect to have.
>
> We say that too:
>
> microcode: Current revision: 0x000000f0
> microcode: Updated early from: 0x000000be
>
> That second line would be missing.
Ah, right. I guess that's decent for diagnostics, though I think it
would be nice to have a more explicit message about not finding a
microcode update, since otherwise you'd have to read the kernel
sources to figure out that you have to check for a missing second
line.
> Therefore, the mitigation fixes all report that too. Look for
> "[Mm]icrocode" in the mitigation strings in arch/x86/kernel/cpu/bugs.c.
Yeah, fair, I guess that's a fairly visible indicator that something's
wrong with microcode. (Though it doesn't tell you whether your
microcode is just outdated or you have no microcode for the CPU
family.)
Well, I don't really feel particularly attached to this patch.
Powered by blists - more mailing lists