Open Source and information security mailing list archives
 
Message-ID: <CA+i-1C2mJYwQYF9WrCjBTO0rfyNtDW=r8ZTpMwySrKSniVtXSg@mail.gmail.com>
Date: Wed, 13 Nov 2024 17:19:11 +0100
From: Brendan Jackman <jackmanb@...gle.com>
To: "Kaplan, David" <David.Kaplan@....com>
Cc: "Manwaring, Derek" <derekmn@...zon.com>, "bp@...en8.de" <bp@...en8.de>, 
	"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "hpa@...or.com" <hpa@...or.com>, 
	"jpoimboe@...nel.org" <jpoimboe@...nel.org>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>, 
	"pawan.kumar.gupta@...ux.intel.com" <pawan.kumar.gupta@...ux.intel.com>, 
	"peterz@...radead.org" <peterz@...radead.org>, "tglx@...utronix.de" <tglx@...utronix.de>, 
	"x86@...nel.org" <x86@...nel.org>, "mlipp@...zon.at" <mlipp@...zon.at>, 
	"canellac@...zon.at" <canellac@...zon.at>
Subject: Re: [PATCH v2 19/35] Documentation/x86: Document the new attack
 vector controls

On Wed, 13 Nov 2024 at 17:00, Kaplan, David <David.Kaplan@....com> wrote:
> I wonder what would happen if there was a mitigation that was required when switching to another guest, but not to the broader host address space.

This is already the case for the mitigations that "go the other way":
IBPB protects the incoming domain from the outgoing one, but L1D flush
protects the outgoing from the incoming. So when you exit to the
unrestricted address space it never makes sense to flush L1D (everyone
trusts the kernel) but e.g. guest->guest still needs one.

> that may not be covered by asi_exit.

That's right, these other mitigations are part of asi_enter.
