Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 4 Jul 2018 15:17:25 +0300
From: Vasily Averin <vvs@...tuozzo.com>
To: Solar Designer <solar@...nwall.com>
Cc: owl-dev@...ts.openwall.com
Subject: Re: 32-bit syscall breakage in -431 kernel with KAISER

I've reported about microcode_ctl to Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=1598118

On 07/03/2018 09:16 PM, Solar Designer wrote:
> On Tue, Jul 03, 2018 at 08:32:57PM +0300, Vasily Averin wrote:
>> However then node was crashed on start of microcode_ctl service on host. 
>>
>> I've found that on our kernel __cpuinit moves get_scattered_cpuid_extra() into init section,
>> but this function can be called lagally called after initialization,
>> from microcode_write() -> spec_ctrl_rescan_cpuid()
>>
>> Issue was caused by CONFIG_HOTPLUG_CPU enabled on Red Hat but disabled on our kernels.
>> Therefore I afraid your kernel should be affected too.
>>
>> Could you please clarify this question?
> 
> It's quite possible we never tested microcode_ctl on Owl.  It isn't part
> of Owl, even though there was intent to add it at some point.
> 
> I enabled CONFIG_MICROCODE=m in our kernels in late 2016:
> 
> * Sat Dec 10 2016 Solar Designer <solar-at-owl.openwall.com> 2.6.18-408.el5.028stab120.1.owl5
> - Merged in Red Hat's CVE-2016-5195 "Dirty COW" fix from -416 (slightly
> different from the fix included in OpenVZ's 120.3 released earlier) while also
> keeping the mitigation introduced in owl4.
> - In the x86_64 config, enabled CONFIG_MICROCODE=m, CONFIG_NUMA=y and many
> related options, CONFIG_HUGETLB_PAGE=y, CONFIG_HUGETLBFS=y, CONFIG_I2C=m and
> many sensors (similar to RHEL's), bumped up CONFIG_NR_CPUS from 32 to 255.
> Tested many of these on a Dell PowerEdge R720xd with 2x E5-2660 v2 (NUMA, huge
> pages, some I2C sensors, 40 logical CPUs).
> 
> IIRC, I intended to test it on that Dell machine mentioned in there, but
> it was already at Intel's latest microcode revision for its CPUs, so I
> did not.  I think I did test loading of the kernel module, though.
> 
> Alexander
> 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.