lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bb0ad741-6474-4668-a895-2554cdcb8b33@suse.com>
Date: Tue, 8 Oct 2024 11:32:54 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: David Kaplan <david.kaplan@....com>, Thomas Gleixner
 <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
 Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
 Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
 Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
 x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation



On 12.09.24 г. 22:08 ч., David Kaplan wrote:
> Restructure retbleed mitigation to use select/update/apply functions to
> create consistent vulnerability handling.  The retbleed_update_mitigation()
> simplifies the dependency between spectre_v2 and retbleed.
> 
> The command line options now directly select a preferred mitigation
> which simplifies the logic.
> 
> Signed-off-by: David Kaplan <david.kaplan@....com>
> ---
>   arch/x86/kernel/cpu/bugs.c | 168 ++++++++++++++++---------------------
>   1 file changed, 73 insertions(+), 95 deletions(-)
> 

<snip>

>   static void __init retbleed_select_mitigation(void)
>   {
> -	bool mitigate_smt = false;
> -
>   	if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
>   		return;
>   
> -	switch (retbleed_cmd) {
> -	case RETBLEED_CMD_OFF:
> -		return;
> -
> -	case RETBLEED_CMD_UNRET:
> -		if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> -			retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
> -		} else {
> +	switch (retbleed_mitigation) {
> +	case RETBLEED_MITIGATION_UNRET:
> +		if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> +			retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
>   			pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n");
> -			goto do_cmd_auto;
>   		}
>   		break;
> -
> -	case RETBLEED_CMD_IBPB:
> -		if (!boot_cpu_has(X86_FEATURE_IBPB)) {
> -			pr_err("WARNING: CPU does not support IBPB.\n");
> -			goto do_cmd_auto;
> -		} else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
> -			retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
> -		} else {
> -			pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
> -			goto do_cmd_auto;
> +	case RETBLEED_MITIGATION_IBPB:
> +		if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {

This check is redundant, if this leg of the switch is executed it's 
because retbleed_mitigation is already RETBLEED_MITIGATIOB_IBPB.

> +			if (!boot_cpu_has(X86_FEATURE_IBPB)) {
> +				pr_err("WARNING: CPU does not support IBPB.\n");
> +				retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> +			} else if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
> +				pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
> +				retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> +			}
>   		}
>   		break;
> -

<snip>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ