lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 18 Apr 2019 01:19:41 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Fenghua Yu <fenghua.yu@...el.com>
cc:     Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        H Peter Anvin <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Ashok Raj <ashok.raj@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Ravi V Shankar <ravi.v.shankar@...el.com>,
        Xiaoyao Li <xiaoyao.li@...el.com>,
        Christopherson Sean J <sean.j.christopherson@...el.com>,
        Kalle Valo <kvalo@...eaurora.org>,
        Michael Chan <michael.chan@...adcom.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        x86 <x86@...nel.org>, kvm@...r.kernel.org,
        netdev@...r.kernel.org, linux-wireless@...r.kernel.org
Subject: Re: [PATCH v7 18/21] x86/clearcpuid: Support feature flag string in
 kernel option clearcpuid

On Wed, 17 Apr 2019, Fenghua Yu wrote:

> The kernel option clearcpuid currently only takes feature bit which
> can be changed from kernel to kernel.
> 
> Extend clearcpuid to use cap flag string, which is defined in
> x86_cap_flags[] and won't be changed from kernel to kernel.
> And user can easily get the cap flag string from /proc/cpuinfo.

If your machine dies because init triggers #AC then please explain how that
easily can be read from /proc/cpuinfo and how the sysadmin can figure out
what the heck he needs to write on the kernel command line.

The whole 'clearcpuid' thing should have never been merged. It's a pure
testing/debugging thing. And no, we are not going to proliferate it and
extend it for dubious value. Quite the contrary, we should simply rip it
out.

Add a simple 'noac' or whatever command line option, which is documented
proper and can easily be mapped to a #AC crash during boot.

Thanks,

	tglx

Powered by blists - more mailing lists