| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <875zehmujm.fsf@nanos.tec.linutronix.de>
Date: Thu, 02 Apr 2020 23:45:01 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: Josh Poimboeuf <jpoimboe@...hat.com>,
"Singh\, Balbir" <sblbir@...zon.com>
Cc: "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
"tony.luck\@intel.com" <tony.luck@...el.com>,
"keescook\@chromium.org" <keescook@...omium.org>,
"benh\@kernel.crashing.org" <benh@...nel.crashing.org>,
"x86\@kernel.org" <x86@...nel.org>,
"dave.hansen\@intel.com" <dave.hansen@...el.com>
Subject: Re: [PATCH 0/3] arch/x86: Optionally flush L1D on context switch
Josh Poimboeuf <jpoimboe@...hat.com> writes:
> On Thu, Apr 02, 2020 at 08:35:46PM +0000, Singh, Balbir wrote:
>> Yes, that CVE the motivation, the mitigation for CVE-2020-0550 does suggest
>> flushing the cache on context switch. But in general, as we begin to find more
>> ways of evicting data or snopping data, a generic mechanism is more useful and
>> that is why I am making it an opt-in.
>
> Ok. I think it would be a good idea to expand on that justification
> more precisely in the commit message. That would help both reviewers of
> the code and users of the new option understand what level of paranoia
> they're opting in to :-)
The commit message is mostly useful for reviewers and people who have to
do code archeaology.
Documentation/admin-guide/hw-vuln/ has plenty of space to host a
document with explanations. paranoia.rst comes to my mind. :)
Thanks,
tglx
Powered by blists - more mailing lists