| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ff9235b5-b215-9867-b154-fb760a699a52@linux.intel.com>
Date: Thu, 4 Jan 2018 15:26:52 -0800
From: Tim Chen <tim.c.chen@...ux.intel.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Greg KH <gregkh@...uxfoundation.org>,
Dave Hansen <dave.hansen@...el.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Andi Kleen <ak@...ux.intel.com>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 6/7] x86/spec_ctrl: Add sysctl knobs to enable/disable
SPEC_CTRL feature
On 01/04/2018 02:54 PM, Peter Zijlstra wrote:
> On Thu, Jan 04, 2018 at 09:56:47AM -0800, Tim Chen wrote:
>> .macro ENABLE_IBRS
>> - ALTERNATIVE "jmp 10f", "", X86_FEATURE_SPEC_CTRL
>> + testl $SPEC_CTRL_IBRS_INUSE, spec_ctrl_ibrs
>> + jz .Lskip_\@
>> +
>> PUSH_MSR_REGS
>> WRMSR_ASM $MSR_IA32_SPEC_CTRL, $SPEC_CTRL_FEATURE_ENABLE_IBRS
>> POP_MSR_REGS
>> -10:
>> +
>> + jmp .Ldone_\@
>> +.Lskip_\@:
>> + /*
>> + * prevent speculation beyond here as we could want to
>> + * stop speculation by enabling IBRS
>> + */
>> + lfence
>> +.Ldone_\@:
>> .endm
>
>
> Yeah no. We have jump labels for this stuff. There is no reason what so
> ever to do dynamic tests for a variable that _never_ changes.
>
Admin can change spec_ctrl_ibrs value at run time, or when
we scan new microcode. So it doesn't often change, but it could.
There may be time when the admin wants to run the system
in a more secure mode, and time when it is okay to leave out
IBRS.
Tim
Powered by blists - more mailing lists