lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YtBcUWIqJjUdWtro@worktop.programming.kicks-ass.net>
Date:   Thu, 14 Jul 2022 20:11:29 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Josh Poimboeuf <jpoimboe@...nel.org>
Cc:     Thadeu Lima de Souza Cascardo <cascardo@...onical.com>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org,
        Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
        antonio.gomez.iglesias@...ux.intel.com
Subject: Re: [PATCH] x86/bugs: Switch to "auto" when "ibrs" selected on
 Enhanced IBRS parts

On Thu, Jul 14, 2022 at 10:38:14AM -0700, Josh Poimboeuf wrote:
> On Thu, Jul 14, 2022 at 07:03:32PM +0200, Peter Zijlstra wrote:
> > On Thu, Jul 14, 2022 at 09:01:06AM -0700, Josh Poimboeuf wrote:
> > 
> > > > Yeah this; if the user asks for IBRS, we should give him IBRS. I hate
> > > > the 'I know better, let me change that for you' mentality.
> > > 
> > > eIBRS CPUs don't even have legacy IBRS so I don't see how this is even
> > > possible.
> > 
> > You can still WRMSR a lot on them. Might not make sense but it 'works'.
> 
> Even in Intel documentation, eIBRS is often referred to as IBRS. It
> wouldn't be surprising for a user to consider spectre_v2=ibrs to mean
> "use eIBRS".
> 
> I'm pretty sure there's nobody out there that wants spectre_v2=ibrs to
> mean "make it slower and possibly less secure because it's being used
> contrary to the spec".

Then make it print a big honking warning.

Most people will either use auto or off, the very few people that force
an option get what they ask for, not something else.

Like said upthread, it allows testing the code-paths at the very least.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ