linux-kernel.vger.kernel.org archive mirror
From: Pavel Machek <pavel@ucw.cz>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: linux-kernel@vger.kernel.org, linux-tip-commits@vger.kernel.org,
	"x86@kernel.org" <x86@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	stable@vger.kernel.org, "Rafael J. Wysocki" <rjw@rjwysocki.net>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Nathan Chancellor <natechancellor@gmail.com>,
	"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Kees Cook <keescook@chromium.org>,
	Juergen Gross <jgross@suse.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Jonathan Corbet <corbet@lwn.net>, Ingo Molnar <mingo@redhat.com>,
	Chen Yu <yu.c.chen@intel.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Borislav Petkov <bp@suse.de>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [tip: x86/urgent] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
Date: Tue, 8 Oct 2019 23:20:41 +0200
Message-ID: <20191008212041.GA7222@amd>
In-Reply-To: <409703ae-6d70-3f6a-d6fc-b7dada3c2797@zytor.com>

Hi!

> >> x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
> >>
> >> There have been reports of RDRAND issues after resuming from suspend on
> >> some AMD family 15h and family 16h systems. This issue stems from a BIOS
> >> not performing the proper steps during resume to ensure RDRAND continues
> >> to function properly.
> > 
> > There are quite a few unanswered questions here.
> > 
> > a) Is there/should there be a CVE for this?
> > 
> > b) Can we perform proper steps in kernel, thus making RDRAND usable
> > even when BIOS is buggy?
> > 
> 
> The kernel should at least be able to set its internal "CPUID" bit, visible
> through /proc/cpuinfo.

Actually, with hindsight I see two possible improvements here:

1) Not having enabled s2ram in the config does not mean the machine was
not suspended/resumed, then a new kernel executed via kexec.

2) We really can continue using RDRAND: we know how it fails
(constant pattern) so we can check for the failure in the kernel, and can
continue to use it... It will certainly work until the first suspend, and
there's a good chance it will work after that, too. (We still need to
prevent userspace from using it).

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
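
The in-kernel check suggested in point 2 of the message above could take roughly this shape; this is an added illustration, not code from the thread or from the kernel. `SAMPLES`, the function names and the stand-in sources are assumptions, and such a check would have to run again after every resume, since that is when the failure appears.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A source stores a value and returns true on success, like RDRAND's carry flag. */
typedef bool (*rng_fn)(uint64_t *out);

#define SAMPLES 8 /* assumed sample count, not taken from the thread */

/* Usable only if every read succeeds and the samples are not one constant. */
bool rng_sanity_check(rng_fn src)
{
    uint64_t first, v;
    bool changed = false;

    if (!src(&first))
        return false;
    for (int i = 1; i < SAMPLES; i++) {
        if (!src(&v))
            return false;
        if (v != first)
            changed = true;
    }
    return changed;
}

#if defined(__x86_64__)
/* Real RDRAND read; call only after CPUID reports RDRAND support. */
bool rdrand64(uint64_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Constructed stand-ins so the check can be exercised on any machine. */
bool stuck_source(uint64_t *out) { *out = UINT64_MAX; return true; } /* constructed constant */
bool failing_source(uint64_t *out) { (void)out; return false; }
bool varying_source(uint64_t *out)
{
    static uint64_t s = 1;
    s = s * 6364136223846793005ULL + 1442695040888963407ULL;
    *out = s;
    return true;
}

int main(void)
{
    printf("stuck=%d failing=%d varying=%d\n", rng_sanity_check(stuck_source),
           rng_sanity_check(failing_source), rng_sanity_check(varying_source));
    return 0;
}
```

A source that reports success but keeps returning the same value is rejected just like one that reports failure, which is the case a carry-flag check alone would miss.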

Thread overview: 7+ messages
2019-08-19 15:52 [PATCH v2] " Lendacky, Thomas
2019-08-23  1:10 ` [tip: x86/urgent] " tip-bot2 for Tom Lendacky
2019-08-24 13:50   ` Sasha Levin
2019-08-24 19:13     ` Borislav Petkov
2019-08-24 18:19   ` Pavel Machek
2019-08-24 21:35     ` H. Peter Anvin
2019-10-08 21:20       ` Pavel Machek [this message]
