| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Aug 2022 16:23:04 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Kim Phillips <kim.phillips@....com>
Cc: mingo@...nel.org, andrew.cooper3@...rix.com, bp@...en8.de,
bp@...e.de, bpf@...r.kernel.org, jpoimboe@...hat.com,
linux-kernel@...r.kernel.org, peterz@...radead.org,
thomas.lendacky@....com, x86@...nel.org
Subject: Re: [PATCH v3] x86/bugs: Enable STIBP for IBPB mitigated RetBleed
On Mon, Aug 08, 2022 at 09:17:02AM -0500, Kim Phillips wrote:
> AMD's "Technical Guidance for Mitigating Branch Type Confusion,
> Rev. 1.0 2022-07-12" whitepaper, under section 6.1.2 "IBPB On
> Privileged Mode Entry / SMT Safety" says:
>
> "Similar to the Jmp2Ret mitigation, if the code on the sibling thread
> cannot be trusted, software should set STIBP to 1 or disable SMT to
> ensure SMT safety when using this mitigation."
>
> So, like already being done for retbleed=unret, the also for
> retbleed=ibpb, force STIBP on machines that have it, and report
> its SMT vulnerability status accordingly.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
> Fixes: 3ebc17006888 ("x86/bugs: Add retbleed=ibpb")
> Signed-off-by: Kim Phillips <kim.phillips@....com>
> ---
> v3: "unret and ibpb mitigations" -> "UNRET and IBPB mitigations" (Mingo)
> v2: Justify and explain STIBP's role with IBPB (Boris)
>
> .../admin-guide/kernel-parameters.txt | 20 ++++++++++++++-----
> arch/x86/kernel/cpu/bugs.c | 10 ++++++----
> 2 files changed, 21 insertions(+), 9 deletions(-)
Any specific reason you don't want this also backported to the stable
kernel branches that have the other retbleed fixes in them?
thanks,
greg k-h
Powered by blists - more mailing lists