| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241210153710.GJZ1hgJpVImYZq47Sv@fat_crate.local>
Date: Tue, 10 Dec 2024 16:37:10 +0100
From: Borislav Petkov <bp@...en8.de>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Borislav Petkov <bp@...nel.org>,
Sean Christopherson <seanjc@...gle.com>, X86 ML <x86@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
KVM <kvm@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/4] x86/bugs: Add SRSO_USER_KERNEL_NO support
On Mon, Dec 09, 2024 at 10:53:31PM -0800, Josh Poimboeuf wrote:
> The presence of SRSO_USER_KERNEL_NO should indeed change the default,
> but if the user requests "safe_ret" specifically, shouldn't we give it
> to them?
Hardly a valid use case except for debugging but if you're doing that, you can
change the kernel too.
Because we just fixed this and if some poor soul has left
spec_rstack_overflow=safe-ret in her /etc/default/grub (it has happened to me
a bunch on my test boxes), she'll never get her performance back and that
would be a yucky situation.
> That would be more consistent with how we handle requested
> mitigations.
Yeah, but if there were a point to this, I guess. We don't really need this
mitigation as there's nothing to mitigate on the user/kernel transition
anymore.
> Also it doesn't really make sense to add a printk here as the mitigation
> will be printed at the end of the function.
This is us letting the user know that we don't need Safe-RET anymore and we're
falling back. But I'm not that hung up on that printk...
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists