Message-ID: <20180126164747.795831ab@alans-desktop>
Date:   Fri, 26 Jan 2018 16:47:47 +0000
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Yves-Alexis Perez <corsac@...ian.org>
Cc:     David Woodhouse <dwmw@...zon.co.uk>, arjan@...ux.intel.com,
        tglx@...utronix.de, karahmed@...zon.de, x86@...nel.org,
        linux-kernel@...r.kernel.org, tim.c.chen@...ux.intel.com,
        bp@...en8.de, peterz@...radead.org, pbonzini@...hat.com,
        ak@...ux.intel.com, torvalds@...ux-foundation.org,
        gregkh@...ux-foundation.org, dave.hansen@...el.com
Subject: Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which
 are not vulnerable to Meltdown

On Fri, 26 Jan 2018 13:14:46 +0100
Yves-Alexis Perez <corsac@...ian.org> wrote:

> On Wed, 2018-01-24 at 16:57 +0000, David Woodhouse wrote:
> > Some old Atoms, anything in family 5 or 4, and newer CPUs when they advertise
> > the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO bit set, are not vulnerable.
> > 
> > Roll the AMD exemption into the x86_match_cpu() table too.
> > 
> > Based on suggestions from Dave Hansen and Alan Cox.  
> 
> Hi David,
> 
> I know we'll still be able to manually enable PTI with a command line option,
> but it's also a hardening feature which has the nice side effect of emulating
> SMEP on CPUs which don't support it (e.g. the Atom boxes above).
> 
> Couldn't we keep the “default on”? Or maybe on boxes which also have PCID (in
> order to limit the performance cost)?

For the old Atom processors you really don't want the extra cost as a
default. These are older, much slower devices and don't have PCID.

Alan
