lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 15 Nov 2019 00:03:35 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Waiman Long <longman@...hat.com>
cc:     Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mark Gross <mgross@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>
Subject: Re: [PATCH] x86/speculation: Fix incorrect MDS/TAA mitigation
 status

On Thu, 14 Nov 2019, Waiman Long wrote:
> On 11/14/19 3:12 PM, Pawan Gupta wrote:
> > On Wed, Nov 13, 2019 at 02:33:50PM -0500, Waiman Long wrote:

Folks, please trim your replies ....

> >> +	/*
> >> +	 * Update MDS mitigation, if necessary, as the mds_user_clear is
> >> +	 * now enabled for TAA mitigation.
> >> +	 */
> >> +	if (mds_mitigation == MDS_MITIGATION_OFF &&
> >> +	    boot_cpu_has_bug(X86_BUG_MDS)) {
> >> +		mds_mitigation = MDS_MITIGATION_FULL;
> >> +		mds_select_mitigation();
> > This will cause a confusing print in dmesg from previous and this call
> > to mds_select_mitigation().
> >
> > 	"MDS: Vulnerable"
> > 	"MDS: Mitigation: Clear CPU buffers"
>
> Yes, that is the side effect of this patch. It is the last message that
> is relevant. We saw this kind of messages all the time with early
> loading of microcode. A message showing a hardware vulnerability as
> vulnerable and then another message showing it as mitigated after the
> loading of microcode.
> >
> > Maybe delay MDS mitigation print till TAA is evaluated.
> 
> I will see what can be done about that. However, this is not a critical
> issue and I may not change it if there is no easy solution.

Right. There is nothing wrong with these two messages coming after each
other. They are both correct and due to the ordering they also make sense.

> > 	"MDS: Vulnerable"
> > 	"MDS: Mitigation: Clear CPU buffers"

CPU is vulnerable and then the next printk tells that mitigation is in
effect. So really nothing to worry about.

The important part is that the ordering of these messages is correct which
is the case and that the sysfs file corresponds with the last printk.

We really have more urgent problems than bikeshed painting these printks.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ