From: Thomas Gleixner <tglx@linutronix.de>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@zeniv.linux.org.uk>
Cc: Dan Williams <dan.j.williams@intel.com>,
	Borislav Petkov <bp@alien8.de>,
	LKML <linux-kernel@vger.kernel.org>,
	the arch/x86 maintainers <x86@kernel.org>,
	Tony Luck <tony.luck@intel.com>,
	Lukas Bulwahn <lukas.bulwahn@gmail.com>
Subject: Re: [patch 01/10] x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user()
Date: Tue, 31 Aug 2021 02:34:16 +0200
Message-ID: <87zgsye9kn.ffs@tglx>
In-Reply-To: <CAHk-=wh57tMaJxcH=kWE4xdKLjayKSDEVvMwHG4fKZ5tUHF6mg@mail.gmail.com>

Linus,

On Mon, Aug 30 2021 at 15:00, Linus Torvalds wrote:
> But since the Intel machine check stuff is so misdesigned and doesn't
> work on any normal machines, most people can't test any of this, none
> of this matters, and it's only broken on those "serious enterprise
> machines" setups that people think are better, but are actually just
> almost entirely untested and thus don't work right.

what's worse is that even if you have access to such a machine, there is
no documented way to do proper hardware based error injection.

The injection mechanism which claims to do hardware error injection in
arch/x86/kernel/cpu/mce/inject.c is a farce:

All it does is to "prepare" the MSRs with some fake error values and
raising #MC via int 18 afterwards in the hope that the previously
prepared MSR values are still valid. Great way to test stuff by setting
the MSR to the expected failure value and then raising the exception in
software.

NHM had a documented mechanism to inject at least ECC failures at the
hardware level, but with the later memory controllers this ended up in
the documentation black hole along with all the other undocumented real
HW injection mechanisms which allow actual testing of this stuff.

The HW injection mechanisms definitely exist, but without documentation
they are useless. Intel still thinks that the secrecy around that stuff
is valuable and they can get away with those untestable mechanisms even
for their endeavours in the safety critical space.

It's pretty much the same approach as security through obscurity, but in
the safety case that's even more hilarious.

Though we all know what the 'S' in INTEL stands for... It used to be
Security, but nowadays it's Security _and_ Safety.

Thanks,

        tglx





