lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 8 Jan 2018 21:10:17 +0100
From:   Pavel Machek <pavel@....cz>
To:     linux-kernel@...r.kernel.org, r.marek@...embler.cz,
        ricardo.neri-calderon@...ux.intel.com, rkrcmar@...hat.com,
        Janakarajan.Natarajan@....com, bp@...e.de, x86@...nel.org,
        hpa@...or.com, mingo@...hat.com, tglx@...utronix.de
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH] clarify how insecure CPU is


First, what is going on with X86_BUG_AMD_E400 and X86_BUG_AMD_APIC_C1E
? They seem to refer to the same bug, perhaps comment should mention
that? (Do we need two flags for one bug?)

Next, maybe X86_BUG_CPU_INSECURE is a bit too generic? This seems to
address "Meltdown" problem, but not "Spectre". Should it be limited to
PPro and newer Intel CPUs?

Should another erratum be added for "Spectre"? This is present even on
AMD CPUs, but should not be present in 486, maybe Pentium, and some
Atom chips?

Plus... is this reasonable interface?

bugs		: cpu_insecure

I believe we should

a) have something more descriptive than 'cpu_insecure', like
'mem_always_r' (because poor user has no chance to know if it is
Meltdown, Spectre, or something else)

b) have has_meltdown : yes/no, because otherwise poor userspace can
not tell if CPU is actually bug-free, or if the kernel is just too old
to know about specific bug. With all the backport, this is quite important.

Best regards,
								Pavel


diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 07cdd17..d46958e 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -340,7 +340,7 @@
 #define X86_BUG_NULL_SEG		X86_BUG(10) /* Nulling a selector preserves the base */
 #define X86_BUG_SWAPGS_FENCE		X86_BUG(11) /* SWAPGS without input dep on GS */
 #define X86_BUG_MONITOR			X86_BUG(12) /* IPI required to wake up remote CPU */
-#define X86_BUG_AMD_E400		X86_BUG(13) /* CPU is among the affected by Erratum 400 */
-#define X86_BUG_CPU_INSECURE		X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */
+#define X86_BUG_AMD_E400		X86_BUG(13) /* CPU is among the affected by Erratum 400, check for X86_BUG_AMD_APIC_C1E */
+#define X86_BUG_CPU_INSECURE		X86_BUG(14) /* CPU always allows reading mapped memory, aka "Meltdown", kernel page table isolation needed */
 
 #endif /* _ASM_X86_CPUFEATURES_H */

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ