| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jul 2022 00:10:32 +0100 From: Ken Moffat <zarniwhoop@...world.com> To: Andrew Cooper <Andrew.Cooper3@...rix.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: Retbleed, Zen2 and STIBP On Mon, Jul 18, 2022 at 09:47:15PM +0000, Andrew Cooper wrote: > On 18/07/2022 09:19, Ken Moffat wrote: > > Probably like most people, I find the detail of the available > > retbleed mitigations obscure. In particular, for zen2 the options > > *might* include ibpb or unret. > > That's because retbleed is two totally different bugs between Intel and > AMD, and on AMD, it's only a subcase. > > In this case for AMD, the root bug is called Branch Type Confusion, with > Retbleed (and Straight Line Speculation from previous disclosures) being > two sub-cases of BTC. > > > While ibpb might be available (and slow), on my Renoir with > > microcode level (0860106h) there were no newer microcode versions > > available when I last looked (a few weeks ago) but note 7 at the > > bottom of > > https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion_v > > 7_20220712.pdf > > implies that the relevant bit is only set on Renoir in 0860109h and > > later. > > > > Some of the text in that pdf implies that at least one of the > > options could be set if not already set from the microcode, but the > > amount of detail leaves me totally lost. > > > > Assuming, for the moment, that I might want to try this full > > mitigation, is there any way to set this in the absence of newer > > microcode ? > > The microcode doesn't matter. All it does is automatically activate the > same bit we set in > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d7caac991feeef1b871ee6988fd2c9725df09039 > > > Or should I just accept that the best I can get is 'unret', whatever > > that means ? > > "unret" fixes half the problem; the Retbleed subcase specifically. You > want IBPB if you want the full fix for Branch Type Confusion. > > ~Andrew Thanks. In particular, thanks for the link to the commit which sets that (I was hoping that had happened, but uncertain), and for pointing out that the AMD and intel bugs are different (which a lot of the online comments in various places seem to miss). At the moment (desktop, single human user) I'm asking myself "Do ya feel lucky ?" although I have not yet quite got as far as "Well do ya, punk ?" ĸen -- It is very easy to get ridiculously confused about the tenses of time travel, but most things can be resolved by a sufficiently large ego. -- The Last Continent
Powered by blists - more mailing lists