| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230823012728.GCZOVggFCpKiTgqffx@fat_crate.local>
Date: Wed, 23 Aug 2023 03:27:28 +0200
From: Borislav Petkov <bp@...en8.de>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
Babu Moger <babu.moger@....com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>, David.Kaplan@....com,
Andrew Cooper <andrew.cooper3@...rix.com>,
Nikolay Borisov <nik.borisov@...e.com>,
gregkh@...uxfoundation.org, Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH 04/22] x86/srso: Fix SBPB enablement for
spec_rstack_overflow=off
On Tue, Aug 22, 2023 at 02:59:01PM -0700, Josh Poimboeuf wrote:
> Yeah, I had seen that. The combination of spectre_v2_user=on with
> srso=off doesn't make a whole lot of sense, but... give the user what
> they want and all. Which would presumably be IBPB *without* the SRSO
> mitigation (aka SBPB).
Right.
> I don't think we need to worry about that, SBPB is >= fam19 but retbleed
> is <= fam17. So either way (0x17 or 0x19) entry_ibpb() should do IBPB.
Right, and SBPB is possible only on family => 0x19 anyway which is not
affected by retbleed.
I was worried that we might open some mitigation hole with the overwrite
but it seems we're fine:
family 0x17: retbleed=ibpb, srso=off - is fine, can't do SBPB anyway
family 0x19: retbleed=ibpb, srso=off - fine too, not affected by retbleed, can do SBPB
Unless I'm missing something again which is very likely, by now. ;-\
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists