Date: Wed, 23 Nov 2016 11:29:51 -0200
From: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
To: Borislav Petkov <bp@suse.de>
Cc: "Luck, Tony" <tony.luck@intel.com>, Andi Kleen <andi@firstfloor.org>,
        Ashok Raj <ashok.raj@intel.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] x86/mce: Include the PPIN in machine check records
 when it is available
Message-ID: <20161123132951.GA9373@khazad-dum.debian.net>
References: <878tsg67r3.fsf@tassilo.jf.intel.com>
 <1479491316-11716-1-git-send-email-tony.luck@intel.com>
 <20161123114855.njguoaygp3qnbkia@pd.tnic>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20161123114855.njguoaygp3qnbkia@pd.tnic>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 968
Lines: 25

On Wed, 23 Nov 2016, Borislav Petkov wrote:
> +		/* if PPIN is disabled, but not locked, try to enable: */
> +		if (!(val & 3ul)) {
> +			wrmsrl_safe(MSR_PPIN_CTL,  val | 2ul);
> +			rdmsrl_safe(MSR_PPIN_CTL, &val);
> +		}

Actually, since this thing is supposed to be opt-in [through UEFI
config] for a good reason (privacy), IMHO it would make more sense to:

1. Assuming we can do it, always lock it when it is found to be unlocked
   at kernel boot.

2. Not attempt to change its state from disabled to enabled *unless*
   given a command line parameter authorizing it.  A kconfig-based
   solution for default+command line override would also work well IMHO,
   if it makes more sense.

This would keep the feature opt-in as it is supposed to be, while making
it "safer" on firmware that leaves it unlocked after boot, and would
still allow owners of systems that leave it unlocked to change its
state at boot.  Everyone ends up happy...

-- 
  Henrique Holschuh