Message-ID: <YtXoaPqzkP7jc2M+@llamedos.localdomain>
Date:   Tue, 19 Jul 2022 00:10:32 +0100
From:   Ken Moffat <zarniwhoop@...world.com>
To:     Andrew Cooper <Andrew.Cooper3@...rix.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Retbleed, Zen2 and STIBP

On Mon, Jul 18, 2022 at 09:47:15PM +0000, Andrew Cooper wrote:
> On 18/07/2022 09:19, Ken Moffat wrote:
> > Probably like most people, I find the detail of the available
> > retbleed mitigations obscure.  In particular, for zen2 the options
> > *might* include ibpb or unret.
> 
> That's because retbleed is two totally different bugs between Intel and
> AMD, and on AMD, it's only a subcase.
> 
> In this case for AMD, the root bug is called Branch Type Confusion, with
> Retbleed (and Straight Line Speculation from previous disclosures) being
> two sub-cases of BTC.
> 
> > While ibpb might be available (and slow), on my Renoir with
> > microcode level (0860106h) there were no newer microcode versions
> > available when I last looked (a few weeks ago) but note 7 at the
> > bottom of
> > https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion_v7_20220712.pdf
> > implies that the relevant bit is only set on Renoir in 0860109h and
> > later.
> >
> > Some of the text in that pdf implies that at least one of the
> > options could be set if not already set from the microcode, but the
> > amount of detail leaves me totally lost.
> >
> > Assuming, for the moment, that I might want to try this full
> > mitigation, is there any way to set this in the absence of newer
> > microcode ?
> 
> The microcode doesn't matter.  All it does is automatically activate the
> same bit we set in
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d7caac991feeef1b871ee6988fd2c9725df09039
> 
> > Or should I just accept that the best I can get is 'unret', whatever
> > that means ?
> 
> "unret" fixes half the problem; the Retbleed subcase specifically.  You
> want IBPB if you want the full fix for Branch Type Confusion.
> 
> ~Andrew

Thanks.  In particular, thanks for the link to the commit which sets
that (I was hoping that had happened, but uncertain), and for
pointing out that the AMD and Intel bugs are different (which a lot
of the online comments in various places seem to miss).

At the moment (desktop, single human user) I'm asking myself "Do ya
feel lucky ?" although I have not yet quite got as far as "Well do
ya, punk ?"

ĸen
-- 
 It is very easy to get ridiculously confused about the tenses of
 time travel, but most things can be resolved by a sufficiently
 large ego.        -- The Last Continent
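
Added example, not part of the original thread: a small POSIX shell helper that classifies the kernel's retbleed status line using the distinction drawn in the reply above (unret covers the Retbleed subcase, IBPB is the full Branch Type Confusion fix). The function names are hypothetical, and the fallback status line is constructed in the format the kernel reports in /sys/devices/system/cpu/vulnerabilities/retbleed.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the retbleed status line.

# Print which mitigation a status line reports:
#   ibpb | unret | vulnerable | not-affected | other
retbleed_mode() {
    case "$1" in
        "Not affected"*)                       echo not-affected ;;
        "Mitigation: IBPB"*)                   echo ibpb ;;
        "Mitigation: untrained return thunk"*) echo unret ;;
        Vulnerable*)                           echo vulnerable ;;
        *)                                     echo other ;;
    esac
}

# Print the SMT/STIBP part that follows "; SMT " (empty if absent).
retbleed_smt() {
    case "$1" in
        *"; SMT "*) echo "${1##*; SMT }" ;;
        *)          echo "" ;;
    esac
}

# One-line verdict, worded after the reply quoted in the thread.
retbleed_verdict() {
    mode=$(retbleed_mode "$1")
    smt=$(retbleed_smt "$1")
    case "$mode" in
        ibpb)         v="IBPB: full Branch Type Confusion mitigation" ;;
        unret)        v="unret: covers the Retbleed subcase only" ;;
        vulnerable)   v="no mitigation active" ;;
        not-affected) v="CPU not affected" ;;
        *)            v="other mitigation, see kernel documentation" ;;
    esac
    if [ -n "$smt" ]; then
        v="$v (SMT $smt)"
    fi
    echo "$v"
}

f=/sys/devices/system/cpu/vulnerabilities/retbleed
if [ -r "$f" ]; then
    retbleed_verdict "$(cat "$f")"
else
    # Constructed sample line for machines without the sysfs file.
    retbleed_verdict "Mitigation: untrained return thunk; SMT enabled with STIBP protection"
fi
```

The mitigation itself is selected at boot with the kernel's `retbleed=` command-line parameter (for example `retbleed=ibpb` or `retbleed=unret`).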
