Date:   Mon, 15 Jan 2018 23:45:50 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Radim Krčmář <rkrcmar@...hat.com>,
        KVM <kvm@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>,
        "H. Peter Anvin" <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Tom Lendacky <thomas.lendacky@....com>,
        Brijesh Singh <brijesh.singh@....com>,
        Borislav Petkov <bp@...en8.de>
Subject: Re: linux-next: manual merge of the kvm tree with Linus' and the tip
 trees

On 15/01/2018 19:36, Thomas Gleixner wrote:
>> Can KVM folks please stop doing random changes to the cpufeatures code
>> without talking to x86 maintainers and Borislav?
>>
>> This wants to go through TIP or at least reviewed and acked.
> In fact it needs to go through TIP. We spent a lot of effort to make the
> backporting of all this mess simple and this is just shooting a hole in it.

I do understand why you want this to go through TIP, but I'm not sure
why a change to Processor Tracing is related to PTI or retpolines.  I'm
also not sure why it is a problem for backportability, since we always
try to send pull requests after TIP.  Is it because 7*32+15 will be free
in 4.16 but not earlier?

FWIW, no changes for IBRS or RSB stuffing are going through the KVM tree
before the bare metal parts are there.  I posted those mostly for people
(mostly the cloud providers that had been left in the dark) who wanted
something to apply quickly and didn't care about bare metal protection
because they could assume that any attack path passed through a vmexit.

Paolo

> Please drop that change and we sort something out how it can be done proper.
> 
> Dammit, we have a well established process for stuff like that.
