lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Sep 2018 10:32:34 -0700
From:   Tim Chen <tim.c.chen@...ux.intel.com>
To:     Jiri Kosina <jikos@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        "Woodhouse, David" <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        "Schaufler, Casey" <casey.schaufler@...el.com>,
        linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre
 v2 STIBP mitigation

On 09/10/2018 04:46 AM, Jiri Kosina wrote:
> On Mon, 10 Sep 2018, Jiri Kosina wrote:
> 
>>> That looks much more palatable. One missing piece is the sysfs 
>>> mitigation file for spectre v2. That should reflect STIPB state as well.
>>
>> FWIW, we're missing a bit more in that area, namely RSB stuffing on 
>> context switch, IBRS (even through only around fw) and IBPB; those are 
>> only signalled in dmesg during bootup.
> 
> Nah, IBPB is actuall there, sorry. So I'll add reporting of STIBP + fixup 
> the missing reporting of RSB_CTXSW for v6.
> 

I anticipate that STIBP could affect workloads with a lot of indirect
branches (see previous discussion with Andrea).  We should have a 
knob for people to opt in or opt out of STIBP.

Thanks.

Tim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ