| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <nycvar.YFH.7.76.1811201623300.21108@cbobk.fhfr.pm>
Date: Tue, 20 Nov 2018 16:27:01 +0100 (CET)
From: Jiri Kosina <jikos@...nel.org>
To: Arjan van de Ven <arjan@...ux.intel.com>
cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
"Schaufler, Casey" <casey.schaufler@...el.com>,
Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
the arch/x86 maintainers <x86@...nel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: Re: STIBP by default.. Revert?
On Mon, 19 Nov 2018, Arjan van de Ven wrote:
> In the documentation, AMD officially recommends against this by default,
> and I can speak for Intel that our position is that as well: this really
> must not be on by default.
Thanks for pointing to the AMD doc, it's indeed clearly stated there.
Is there any chance this could perhaps be added to Intel documentation as
well, so that we avoid cases like this in the future?
The revision 3.0 of Intel doc from may 2018 [1] I am always looking into
doesn't say anything discouraging about STIBP to me.
[1] https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf?_gclid=5b78f4d130faf8.22277271-5b78f4d130fb70.17467890&_utm_source=xakep&_utm_campaign=mention177777&_utm_medium=inline&_utm_content=lnk223716354570
Thanks,
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists