lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <160331799505.884498.376133101315233761@swboyd.mtv.corp.google.com>
Date:   Wed, 21 Oct 2020 15:06:35 -0700
From:   Stephen Boyd <swboyd@...omium.org>
To:     Will Deacon <will@...nel.org>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        Andre Przywara <andre.przywara@....com>,
        Steven Price <steven.price@....com>,
        Marc Zyngier <maz@...nel.org>, stable@...r.kernel.org
Subject: Re: [PATCH 1/2] arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED

Quoting Will Deacon (2020-10-21 14:13:26)
> On Wed, Oct 21, 2020 at 09:12:02AM -0700, Stephen Boyd wrote:
> 
> > My read of the spec was that the intent is to remove the call at some
> > point and have the removal of the call mean that it isn't vulnerable.
> 
> No, the CSV2 field in whichever ID register is for that. We check that in
> spectre_v2_get_cpu_hw_mitigation_state().

Alright, makes sense!

> 
> > Because NOT_SUPPORTED per the spec means "not needed", "maybe needed",
> > or "firmware doesn't know". Aha maybe they wanted us to make the call on
> > each CPU (i.e. PE) and then if any of them return 0 we should consider
> > it vulnerable and if they return NOT_SUPPORTED we should keep calling
> > for each CPU until we are sure we don't see a 0 and only see a 1 or
> > NOT_SUPPORTED? Looks like a saturating value sort of thing, across CPUs
> > that we care/know about.
> 
> The mitigation state is always per-cpu because of big/little systems, there
> just isn't a short-cut for the firmware to say "all CPUs are unaffected"
> like there is for SMCCC_ARCH_WORKAROUND_2 with its "NOT_REQUIRED" return
> code.
> 

Ok. Can/should kvm be emulating the CSV2 bit that the guest sees? Just
wondering why I'm falling into this (ghost) trap in the first place.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ