| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bb0ad741-6474-4668-a895-2554cdcb8b33@suse.com>
Date: Tue, 8 Oct 2024 11:32:54 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: David Kaplan <david.kaplan@....com>, Thomas Gleixner
<tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation
On 12.09.24 г. 22:08 ч., David Kaplan wrote:
> Restructure retbleed mitigation to use select/update/apply functions to
> create consistent vulnerability handling. The retbleed_update_mitigation()
> simplifies the dependency between spectre_v2 and retbleed.
>
> The command line options now directly select a preferred mitigation
> which simplifies the logic.
>
> Signed-off-by: David Kaplan <david.kaplan@....com>
> ---
> arch/x86/kernel/cpu/bugs.c | 168 ++++++++++++++++---------------------
> 1 file changed, 73 insertions(+), 95 deletions(-)
>
<snip>
> static void __init retbleed_select_mitigation(void)
> {
> - bool mitigate_smt = false;
> -
> if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off())
> return;
>
> - switch (retbleed_cmd) {
> - case RETBLEED_CMD_OFF:
> - return;
> -
> - case RETBLEED_CMD_UNRET:
> - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> - retbleed_mitigation = RETBLEED_MITIGATION_UNRET;
> - } else {
> + switch (retbleed_mitigation) {
> + case RETBLEED_MITIGATION_UNRET:
> + if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) {
> + retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n");
> - goto do_cmd_auto;
> }
> break;
> -
> - case RETBLEED_CMD_IBPB:
> - if (!boot_cpu_has(X86_FEATURE_IBPB)) {
> - pr_err("WARNING: CPU does not support IBPB.\n");
> - goto do_cmd_auto;
> - } else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
> - retbleed_mitigation = RETBLEED_MITIGATION_IBPB;
> - } else {
> - pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
> - goto do_cmd_auto;
> + case RETBLEED_MITIGATION_IBPB:
> + if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
This check is redundant, if this leg of the switch is executed it's
because retbleed_mitigation is already RETBLEED_MITIGATIOB_IBPB.
> + if (!boot_cpu_has(X86_FEATURE_IBPB)) {
> + pr_err("WARNING: CPU does not support IBPB.\n");
> + retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> + } else if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) {
> + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n");
> + retbleed_mitigation = RETBLEED_MITIGATION_AUTO;
> + }
> }
> break;
> -
<snip>
Powered by blists - more mailing lists