lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACYkzJ58HoDz+hpLzWf0PZQX7ykWqB6-uQR9HVb5YqaF-rdScA@mail.gmail.com>
Date:   Mon, 20 Feb 2023 11:16:45 -0800
From:   KP Singh <kpsingh@...nel.org>
To:     Josh Poimboeuf <jpoimboe@...nel.org>
Cc:     Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
        pjt@...gle.com, evn@...gle.com, tglx@...utronix.de,
        mingo@...hat.com, dave.hansen@...ux.intel.com, x86@...nel.org,
        hpa@...or.com, peterz@...radead.org,
        pawan.kumar.gupta@...ux.intel.com, kim.phillips@....com,
        alexandre.chartre@...cle.com, daniel.sneddon@...ux.intel.com,
        José Oliveira <joseloliveira11@...il.com>,
        Rodrigo Branco <rodrigo@...nelhacking.com>,
        Alexandra Sandulescu <aesa@...gle.com>,
        Jim Mattson <jmattson@...gle.com>
Subject: Re: [PATCH] x86/bugs: Allow STIBP with IBRS

On Mon, Feb 20, 2023 at 11:09 AM Josh Poimboeuf <jpoimboe@...nel.org> wrote:
>
> On Mon, Feb 20, 2023 at 07:34:59PM +0100, Borislav Petkov wrote:
> > Drop stable@ again.
> >
> > On Mon, Feb 20, 2023 at 10:27:17AM -0800, Josh Poimboeuf wrote:
> > > IBRS is only enabled in kernel space.  Since it's not enabled in user
> > > space, user space isn't protected from indirect branch prediction
> > > attacks from a sibling CPU thread.
> > >
> > > Allow STIBP to be enabled to protect against such attacks.
> > >
> > > Fixes: 7c693f54c873 ("x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS")
> >
> > Yah, look at that one:
> >
> > commit 7c693f54c873691a4b7da05c7e0f74e67745d144
> > Author: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> > Date:   Tue Jun 14 23:15:55 2022 +0200
> >
> >     x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
> >
> >     Extend spectre_v2= boot option with Kernel IBRS.
> >
> >     [jpoimboe: no STIBP with IBRS]
> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > I'm assuming this was supposed to mean no STIBP in *kernel mode* when
> > IBRS is selected?
>
> No it was supposed to be "no STIBP with *eIBRS*".
>
> > In user mode, STIBP should be selectable as we disable IBRS there.
> >
> > Close?
> >
> > If so, pls document it too while at it:
> >
> > Documentation/admin-guide/hw-vuln/spectre.rst
> >
> > because we will be wondering next time again.
> >
> > Like we wonder each time this madness is being touched. ;-(
>
> As far as I can tell, that document was never updated to describe
> spectre_v2=ibrs in the first place.  That would be a whole 'nother patch
> which I'm not volunteering for.  Nice try ;-)

This should at least be documented in the code.

Now it seems like it is not okay to work with people on the list and
just send revisions bypassing them. This is not something we do in the
kernel area I come from (an x86 favorite ;)).  Please feel free to go
with Josh's version (or its future revisions). If you want me to
re-spin with some comments, happy to. If not, please do at least give
me Reported-by here.



>
> --
> Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ