| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d02da815-95ef-2ed3-b90f-776b60f8bc1f@amd.com>
Date: Thu, 13 Sep 2018 09:53:03 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Tim Chen <tim.c.chen@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Jiri Kosina <jikos@...nel.org>, Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
"Woodhouse, David" <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
"Schaufler, Casey" <casey.schaufler@...el.com>,
linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre
v2 STIBP mitigation
On 09/12/2018 04:26 PM, Tim Chen wrote:
> On 09/12/2018 10:16 AM, Tom Lendacky wrote:
>>
>>
>> On 09/11/2018 04:16 PM, Thomas Gleixner wrote:
>>> On Tue, 11 Sep 2018, Tim Chen wrote:
>>>> On 09/10/2018 04:46 AM, Jiri Kosina wrote:
>>>>> Nah, IBPB is actuall there, sorry. So I'll add reporting of STIBP + fixup
>>>>> the missing reporting of RSB_CTXSW for v6.
>>>>>
>>>>
>>>> I anticipate that STIBP could affect workloads with a lot of indirect
>>>> branches (see previous discussion with Andrea). We should have a
>>>> knob for people to opt in or opt out of STIBP.
>>>
>>> Feel free to send a patch to that effect.
>>
>> Tim, are you planning on sending a patch for this? If so, what type of
>> opt in/out are you thinking about, something similar to SSBD?
>>
>
> I'm working on a patch for choosing the Spectre v2 app to app
> mitigation option.
>
> Something like the following:
>
> enum spectre_v2_app2app_mitigation {
> SPECTRE_V2_APP2APP_NONE,
> SPECTRE_V2_APP2APP_LITE,
> SPECTRE_V2_APP2APP_IBPB,
> SPECTRE_V2_APP2APP_STIBP,
> SPECTRE_V2_APP2APP_STRICT,
> };
>
> static const char *spectre_v2_app2app_strings[] = {
> [SPECTRE_V2_APP2APP_NONE] = "App-App Vulnerable",
> [SPECTRE_V2_APP2APP_LITE] = "App-App Mitigation: Protect only non-dumpable process",
> [SPECTRE_V2_APP2APP_IBPB] = "App-App Mitigation: Protect app against attack from same cpu",
> [SPECTRE_V2_APP2APP_STIBP] = "App-App Mitigation: Protect app against attack from sibling cpu",
> [SPECTRE_V2_APP2APP_STRICT] = "App-App Mitigation: Full app to app attack protection",
> };
>
> So the APP2APP_LITE protection's intention is to turn on STIBP and IBPB for non-dumpable
> process. But in my first version I may limit it to IBPB as choosing
> STIBP based on process characteristics will require some frobbing of
> the flags as what we've done in SSBD. That will require more careful
> work and tests.
>
> The STRICT option will turn STIBP on always and IBPB always on
> non-ptraceable context switches.
>
> Is this something reasonable?
>
> Tom, if you already have a patch, feel free to post.
No, I don't have anything. I just like the idea of opt in/out for STIBP
and thought it should be similar to SSBD to provide consistency.
Thanks,
Tom
>
> Tim
>
Powered by blists - more mailing lists