lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z8HkeZq1-Ij6MUZE@gmail.com>
Date: Fri, 28 Feb 2025 17:29:45 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Brendan Jackman <jackmanb@...gle.com>
Cc: Jonathan Corbet <corbet@....net>, Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/3] x86/cpu: Add facility to force-enable CPU caps
 and bugs


* Ingo Molnar <mingo@...nel.org> wrote:

> 
> * Brendan Jackman <jackmanb@...gle.com> wrote:
> 
> > Hi folks, happy new year. I hope this ping isn't too aggressive given
> > the season - please let me know if it is.
> > 
> > Any new thoughts on this?
> 
> Sorry, this series got lost in the holiday season (apparently you 
> weren't nearly pushy enough to breach the maintainer patch-detection 
> noise/signal level :-), and this functionality is definitely useful and 
> the series looks good to me.
> 
> Integration with clearcpuid= is so much more generic than the original 
> variant and reuses a lot of that logic, so that's a big plus.
> 
> I've applied it to the x86 tree under the tip:x86/cpu branch and if 
> everything goes fine in testing it should hit v6.15 in a couple of 
> weeks.
> 
> One additional thing - which I'd suggest we make a 4th patch, because 
> it affects the existing clearcpuid= behavior - is to extend 
> set/clearcpuid= with a bit more boot time verbosity, right now it 
> taints the kernel:
> 
>                                 /* empty-string, i.e., ""-defined feature flags */
>                                 if (!x86_cap_flags[bit])
>                                         pr_cont(" " X86_CAP_FMT_NUM, x86_cap_flag_num(bit));
>                                 else
>                                         pr_cont(" " X86_CAP_FMT, x86_cap_flag(bit));
> 
>                                 if (set)
>                                         setup_force_cpu_cap(bit);
>                                 else
>                                         setup_clear_cpu_cap(bit);
>                                 taint++;
> 
> 
> I'd suggest we do what PeterZ suggested back in December: in addition 
> to the tainting, also emit an informative pr_warn() for every CPU 
> feature bit enabled/disabled over what was present, and maybe make a 
> bit of a distinction between 'feature' and 'bug' feature bits.

Ie. what I mean is that at minimum upgrade the output from pr_info() to 
pr_warn() - but maybe also make it clear in the output that the kernel 
is tainted and things may break as a result of modifying the feature 
bits.

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ