| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241210065331.ojnespi77no7kfqf@jpoimboe>
Date: Mon, 9 Dec 2024 22:53:31 -0800
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Borislav Petkov <bp@...nel.org>
Cc: Sean Christopherson <seanjc@...gle.com>, X86 ML <x86@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
KVM <kvm@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
"Borislav Petkov (AMD)" <bp@...en8.de>
Subject: Re: [PATCH v2 1/4] x86/bugs: Add SRSO_USER_KERNEL_NO support
On Mon, Dec 02, 2024 at 01:04:13PM +0100, Borislav Petkov wrote:
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2615,6 +2615,11 @@ static void __init srso_select_mitigation(void)
> break;
>
> case SRSO_CMD_SAFE_RET:
> + if (boot_cpu_has(X86_FEATURE_SRSO_USER_KERNEL_NO)) {
> + pr_notice("CPU user/kernel transitions protected, falling back to IBPB-on-VMEXIT\n");
> + goto ibpb_on_vmexit;
The presence of SRSO_USER_KERNEL_NO should indeed change the default,
but if the user requests "safe_ret" specifically, shouldn't we give it
to them? That would be more consistent with how we handle requested
mitigations.
Also it doesn't really make sense to add a printk here as the mitigation
will be printed at the end of the function.
--
Josh
Powered by blists - more mailing lists