| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230823230222.a3eqe6h3qvzrrulz@treble>
Date: Wed, 23 Aug 2023 16:02:22 -0700
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>,
Babu Moger <babu.moger@....com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>, David.Kaplan@....com,
Andrew Cooper <andrew.cooper3@...rix.com>,
Nikolay Borisov <nik.borisov@...e.com>,
gregkh@...uxfoundation.org, Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 05/22] x86/srso: Fix SBPB enablement for mitigations=off
On Sun, Aug 20, 2023 at 06:19:02PM -0700, Josh Poimboeuf wrote:
> If the user has requested no mitigations with mitigations=off, use the
> lighter-weight SBPB instead of IBPB for other mitigations.
>
> Note that even with mitigations=off, IBPB/SBPB may still be used for
> Spectre v2 user <-> user protection. Whether that makes sense is a
> question for another day.
>
> Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
> Signed-off-by: Josh Poimboeuf <jpoimboe@...nel.org>
> ---
> arch/x86/kernel/cpu/bugs.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 10499bcd4e39..ff5bfe8f0ee9 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2496,8 +2496,7 @@ static void __init srso_select_mitigation(void)
> pr_info("%s%s\n", srso_strings[srso_mitigation], (has_microcode ? "" : ", no microcode"));
>
> pred_cmd:
> - if ((boot_cpu_has(X86_FEATURE_SRSO_NO) || srso_cmd == SRSO_CMD_OFF) &&
> - boot_cpu_has(X86_FEATURE_SBPB))
> + if (boot_cpu_has(X86_FEATURE_SBPB) && srso_mitigation == SRSO_MITIGATION_NONE)
> x86_pred_cmd = PRED_CMD_SBPB;
Actually, I remembered this patch had another purpose. On future HW, if
SRSO_NO is not set by the HW (which Boris said might be the case), and
the SRSO bug bit is not set, then SBPB needs to be set.
I may just get rid of this label altogether and just hard-code the
setting of x86_pred_cmd in the two places where it's needed.
--
Josh
Powered by blists - more mailing lists