lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87v9p4eq1l.fsf@vitty.brq.redhat.com>
Date:   Tue, 21 Jan 2020 17:24:06 +0100
From:   Vitaly Kuznetsov <vkuznets@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Tyler Hicks <tyhicks@...onical.com>,
        Waiman Long <longman@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Anthony Steinhauser <asteinhauser@...gle.com>
Subject: Re: [PATCH RFC] x86/speculation: Clarify Spectre-v2 mitigation when STIBP/IBPB features are unsupported

Borislav Petkov <bp@...en8.de> writes:

> On Tue, Jan 21, 2020 at 05:02:57PM +0100, Vitaly Kuznetsov wrote:
>> When STIBP/IBPB features are not supported (no microcode update,
>> AWS/Azure/... instances deliberately hiding SPEC_CTRL for performance
>> reasons,...) /sys/devices/system/cpu/vulnerabilities/spectre_v2 looks like
>> 
>>   Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
>> 
>> and this looks imperfect. In particular, STIBP is 'disabled' and 'IBPB'
>> is not mentioned while both features are just not supported. Also, for
>> STIBP the 'disabled' state (SPECTRE_V2_USER_NONE) can represent both
>> the absence of hardware support and deliberate user's choice
>> (spectre_v2_user=off)
>> 
>> Make the following adjustments:
>> - Output 'unsupported' for both STIBP/IBPB when there's no support in
>>   hardware.
>> - Output 'unneeded' for STIBP when SMT is disabled/missing (and this
>>   switch_to_cond_stibp is off).
>> 
>> RFC. Some tools out there may be looking at this information so by
>> changing the output we're breaking them. Also, it may make sense to
>> separate kernel and userspace protections and switch to something like
>> 
>>   Mitigation: Kernel: Full generic retpoline, RSB filling; Userspace:
>>    Vulnerable
>> 
>> for the above mentioned case.
>> 
>> Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
>> ---
>>  Documentation/admin-guide/hw-vuln/spectre.rst | 3 +++
>>  arch/x86/kernel/cpu/bugs.c                    | 9 +++++++--
>>  2 files changed, 10 insertions(+), 2 deletions(-)
>
> There's another attempt to fix similar aspects of this whole deal going
> on ATM:
>
> https://lkml.kernel.org/r/20191229164830.62144-1-asteinhauser@google.com

Missed that, thanks! (Cc: Anthony)

This patch seem to address my STIBP: disabled/unsupported concern but
not 'unneeded'. And not IBPB.

-- 
Vitaly

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ