From: "H. Peter Anvin" <hpa@zytor.com>
To: Borislav Petkov <bp@alien8.de>,
	Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: Aravind Gopalakrishnan <aravind.gopalakrishnan@amd.com>,
	X86 ML <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>,
	Kim Naru <kim.naru@amd.com>,
	Sherry Hurwitz <sherry.hurwitz@amd.com>
Subject: Re: [PATCH] x86, CPU, AMD: Add workaround for family 16h, erratum 793
Date: Fri, 17 Jan 2014 08:23:24 -0800
Message-ID: <52D958FC.9020700@zytor.com>
In-Reply-To: <20140117101842.GB8715@pd.tnic>

On 01/17/2014 02:18 AM, Borislav Petkov wrote:
> 
> We also cannot carry *every* erratum workaround in the kernel just
> because people don't update firmware. Firmware is becoming ubiquitous,
> sadly, and because of that, admins should provision for firmware
> upgrades too.
> 
> Besides, *even* if we put *all* errata fixes in the kernel, you'd need
> to update it anyway and reboot. In this case, you can just as well
> update your firmware instead, which involves that same reboot.
> 

Actually I by and large disagree with that.  There is a limit, of
course, but when it comes to flipping an MSR in init code, the bar is
pretty darn low.  We have quirks for all kinds of hardware, and this is
just another example.

What *is* important, though, is that the workaround is well commented so
that when someone comes and wonders "WTF is this, and what constraints
does it have on it" they can get back to the primary sources (errata
documents, mailing list discussions, CVEs, etc.) without undue effort.

The effort of a kernel update is much lower, especially since the kernel
is generally automatically updated.  It would be awesome if that was
done for firmware, but in the absence of central distribution, arbitrary
EOL sunsets, and a standard OS-driven firmware installer, it just isn't
going to happen widely.  Yes, that is a problem.

	-hpa

