| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Apr 2024 11:20:49 -0700
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Alexandre Chartre <alexandre.chartre@...cle.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Peter Zijlstra <peterz@...radead.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Sean Christopherson <seanjc@...gle.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Nikolay Borisov <nik.borisov@...e.com>,
KP Singh <kpsingh@...nel.org>, Waiman Long <longman@...hat.com>,
Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE
"retpolines"
On Fri, Apr 12, 2024 at 11:10:34AM -0700, Josh Poimboeuf wrote:
> ---
> arch/x86/Makefile | 1 -
> arch/x86/include/asm/cpufeatures.h | 1 -
> arch/x86/include/asm/disabled-features.h | 3 +-
> arch/x86/include/asm/nospec-branch.h | 18 ++---
> arch/x86/kernel/alternative.c | 17 +----
> arch/x86/kernel/cpu/bugs.c | 66 +------------------
> arch/x86/kernel/cpu/cpu.h | 3 +-
> arch/x86/lib/retpoline.S | 5 +-
> arch/x86/net/bpf_jit_comp.c | 5 +-
> tools/arch/x86/include/asm/cpufeatures.h | 1 -
> .../arch/x86/include/asm/disabled-features.h | 3 +-
Forgot the documentation updates:
diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst
index 25a04cda4c2c..de780db82cd8 100644
--- a/Documentation/admin-guide/hw-vuln/spectre.rst
+++ b/Documentation/admin-guide/hw-vuln/spectre.rst
@@ -380,10 +380,8 @@ The possible values in this file are:
'Not affected' The processor is not vulnerable
'Mitigation: None' Vulnerable, no mitigation
'Mitigation: Retpolines' Use Retpoline thunks
- 'Mitigation: LFENCE' Use LFENCE instructions
'Mitigation: Enhanced IBRS' Hardware-focused mitigation
'Mitigation: Enhanced IBRS + Retpolines' Hardware-focused + Retpolines
- 'Mitigation: Enhanced IBRS + LFENCE' Hardware-focused + LFENCE
======================================== =================================
- Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
@@ -640,13 +638,10 @@ kernel command line.
Specific mitigations can also be selected manually:
- retpoline auto pick between generic,lfence
+ retpoline Retpolines
retpoline,generic Retpolines
- retpoline,lfence LFENCE; indirect branch
- retpoline,amd alias for retpoline,lfence
eibrs Enhanced/Auto IBRS
eibrs,retpoline Enhanced/Auto IBRS + Retpolines
- eibrs,lfence Enhanced/Auto IBRS + LFENCE
ibrs use IBRS to protect kernel
Not specifying this option is equivalent to
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 902ecd92a29f..edbfba7299e7 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6099,13 +6099,10 @@
Specific mitigations can also be selected manually:
- retpoline - replace indirect branches
+ retpoline - Retpolines
retpoline,generic - Retpolines
- retpoline,lfence - LFENCE; indirect branch
- retpoline,amd - alias for retpoline,lfence
eibrs - Enhanced/Auto IBRS
eibrs,retpoline - Enhanced/Auto IBRS + Retpolines
- eibrs,lfence - Enhanced/Auto IBRS + LFENCE
ibrs - use IBRS to protect kernel
Not specifying this option is equivalent to
Powered by blists - more mailing lists