Message-ID:
<LV3PR12MB9265593AD43E5844542914E1947E2@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Tue, 8 Oct 2024 14:25:26 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Nikolay Borisov <nik.borisov@...e.com>, Thomas Gleixner
<tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Peter Zijlstra
<peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Nikolay Borisov <nik.borisov@...e.com>
> Sent: Tuesday, October 8, 2024 7:42 AM
> To: Kaplan, David <David.Kaplan@....com>; Thomas Gleixner
> <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Peter Zijlstra
> <peterz@...radead.org>; Josh Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>
> Cc: linux-kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
>
>
> On 12.09.24 at 22:08, David Kaplan wrote:
> > Restructure bhi mitigation to use select/apply functions to create
> > consistent vulnerability handling.
> >
> > Define new AUTO mitigation for bhi.
> >
> > Signed-off-by: David Kaplan <david.kaplan@....com>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
> > 1 file changed, 18 insertions(+), 4 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index eaef5a1cb4a3..da6ca2fc939d 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void);
> > static void __init srso_select_mitigation(void);
> > static void __init gds_select_mitigation(void);
> > static void __init gds_apply_mitigation(void);
> > +static void __init bhi_select_mitigation(void); static void __init
> > +bhi_apply_mitigation(void);
> >
> > /* The base value of the SPEC_CTRL MSR without task-specific bits set */
> > u64 x86_spec_ctrl_base;
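Review bot: the two added prototypes are run together as quoted here, with "bhi_select_mitigation(void);" and the start of the next declaration on one "+" line and "+bhi_apply_mitigation(void);" on the following one. The surrounding srso_/gds_ prototypes are one declaration per line, so the added lines should be "static void __init bhi_select_mitigation(void);" and "static void __init bhi_apply_mitigation(void);" on separate lines; if this wrapping is present in the patch as sent and not only in this quote, it needs a resend.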
> > @@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void)
> > */
> > srso_select_mitigation();
> > gds_select_mitigation();
> > + bhi_select_mitigation();
> >
> > /*
> > * After mitigations are selected, some may need to update their
> > @@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void)
> > rfds_apply_mitigation();
> > srbds_apply_mitigation();
> > gds_apply_mitigation();
> > + bhi_apply_mitigation();
> > }
> >
> > /*
> > @@ -1719,12 +1723,13 @@ static bool __init spec_ctrl_bhi_dis(void)
> >
> > enum bhi_mitigations {
> > BHI_MITIGATION_OFF,
> > + BHI_MITIGATION_AUTO,
> > BHI_MITIGATION_ON,
> > BHI_MITIGATION_VMEXIT_ONLY,
> > };
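Review bot: BHI_MITIGATION_AUTO is added to the enum with no comment saying how it differs from BHI_MITIGATION_ON, and the commit message only says "Define new AUTO mitigation for bhi". A one-line comment on the enumerator stating what selects AUTO and what resolves it would make the intent clear at the definition. Inserting it between OFF and ON also shifts the numeric values of BHI_MITIGATION_ON and BHI_MITIGATION_VMEXIT_ONLY; nothing in the visible lines depends on those values, but it is worth confirming that no other user does.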
>
>
> Since this series refactors all mitigations how about taking ON to mean AUTO
> which would result in overall less states for the various mitigations. If we take BHI
> as an example I don't see what value does _AUTO bring here.
In this (and the other bugs), AUTO means that no bug-specific command line option was provided. In this way we can differentiate between no option provided (in which case attack vector controls will decide if mitigation is needed) or "bhi=on" which will force the bhi mitigation on even if the attack vector controls would otherwise leave it disabled.
--David Kaplan
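
The distinction described in the reply above, as an added userspace model that is not code from the patch series or the kernel: only AUTO defers to the policy, while an explicit option passes through unchanged. The `vector_policy` struct, its field names, the `bhi_parse`/`bhi_select` helpers and the mapping from vectors to states are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Same four states as the enum in the quoted hunk. */
enum bhi_mitigations {
	BHI_MITIGATION_OFF,
	BHI_MITIGATION_AUTO,
	BHI_MITIGATION_ON,
	BHI_MITIGATION_VMEXIT_ONLY,
};

/* Hypothetical stand-in for the attack vector controls (names assumed). */
struct vector_policy {
	bool user_to_kernel;
	bool guest_to_host;
};

/* arg is the value after "bhi="; NULL means the option was not given. */
static enum bhi_mitigations bhi_parse(const char *arg)
{
	if (arg && !strcmp(arg, "off"))
		return BHI_MITIGATION_OFF;
	if (arg && !strcmp(arg, "on"))
		return BHI_MITIGATION_ON;
	return BHI_MITIGATION_AUTO;	/* absent or unrecognised: undecided */
}

/* Only AUTO consults the policy; an explicit choice passes through as is. */
static enum bhi_mitigations bhi_select(enum bhi_mitigations m,
				       const struct vector_policy *p)
{
	if (m != BHI_MITIGATION_AUTO)
		return m;
	if (p->user_to_kernel)
		return BHI_MITIGATION_ON;
	/* Assumed mapping: guest-only exposure needs the VM-exit variant. */
	return p->guest_to_host ? BHI_MITIGATION_VMEXIT_ONLY : BHI_MITIGATION_OFF;
}

int main(void)
{
	const struct vector_policy none = { false, false };

	/* Constructed inputs: no option vs. "bhi=on", all vectors disabled. */
	printf("absent -> %d\n", bhi_select(bhi_parse(NULL), &none));
	printf("bhi=on -> %d\n", bhi_select(bhi_parse("on"), &none));
	return 0;
}
```

If ON doubled as the default, the two calls in `main` would be indistinguishable and the policy could never leave the mitigation disabled.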