Re: [PATCH 2/2] cpu: intel, amd: mask cleared cpuid features
From: Borislav Petkov
Date: Tue Jul 24 2012 - 07:04:53 EST
On Tue, Jul 24, 2012 at 11:32:04AM +0100, Alan Cox wrote:
> > So actually, making it straightforward to disable CPUID feature bits
> > just for every whim is the bug.
>
> Sometimes its needed to make stuff work. Expecting user space to go
> digging in odd places
Nah, not odd places. Simply doing "wrmsr... " as root would suffice.
> isn't good either but exposing *both* true/apparent cpuid bits might
> not be a bad idea.
I'm fine with the "might not be a bad idea" thing. I'm saying that it
seems like a bad idea in certain cases...
> > I'd like to see a real valid reason why someone would even think that.
> > Except virtualization folks who are crazy anyway, so that doesn't count :).
>
> Which is a very large part of the x86 market. So they most definitely do
> count. Virtualisation is somewhat different though. There you are trying
> to define a subset of the features that all the systems in your
> environment have so you can do migrations. Virtualisation you have rather
> more different control of the cpuid and msrs anyway.
Right and best it would be if *only* virtualization had access to those
MSRs and CPUID bits. IOW, you #GP when accessing them in the normal case
and access is granted when in VMRUN context.
> > Majority of users is majority of users no matter how you look at it!
>
> That's not a good argument. The majority of users don't have SCSI,
> certain processors and so on ...
or coffee machines ... :-)
> > Right, and how is giving the user a heavy, well-oiled AK-47 to do that,
> > user-friendly?
>
> It's a point and click interface
Or rather, aim and squeeze :-)
> > And this is exactly what I'm questioning: the usability, or rather, the
> > mis-usability of such a feature.
>
> What goes with that is "so how do you do it otherwise".
Not much more harder using msr-tools and easily scriptable. See above.
> Distros can certainly add patches for such features if needed but that
> just makes it even more fun to debug.
That's easy: the first question we ask from the bug reporter is (and you
do that too, btw - I've seen you dozens of times :-)) "can you reproduce
it with mainline"?
> Does "bind mount your own cpuid file" cover this ?
Well, AFAICU, the writes to the MSRs are globally visible. If you're
asking whether through bind-mounting your own cpuid file we're making
the process of toggling CPUID bits more involved versus using simply
kernel command line options then this is probably a step in the right
direction IMHO, BUT (!)...
... there's still a software-only solution needed for CPUID leafs which
cannot be toggled through MSR writes simply because there are no such
MSRs.
The solution to that situation could cover all issues without touching
the kernel.
--
Regards/Gruss,
Boris.
Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach
GM: Alberto Bozzo
Reg: Dornach, Landkreis Muenchen
HRB Nr. 43632 WEEE Registernr: 129 19551
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/