| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241217111752.GDZ2Fd4E4XX-w_t6eq@fat_crate.local>
Date: Tue, 17 Dec 2024 12:17:52 +0100
From: Borislav Petkov <bp@...en8.de>
To: Brendan Jackman <jackmanb@...gle.com>
Cc: Jonathan Corbet <corbet@....net>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/bugs: Add force_cpu_bug= cmdline param
On Mon, Dec 16, 2024 at 06:58:24PM +0100, Brendan Jackman wrote:
> OK yeah, tainting definitely makes sense, I think that goes quite a
> long way to avoid bogus bug reports?
It was my feeble attempt back then to leave enough breadcrumbs so that when
I see a bug report, I can say: "well, then don't do that then" and mark it as
invalid. :)
> I will also update the docs to sound scarier.
Right.
> So do you think we should allow setting arbitrary cpu features? That
> seems like a much bigger footgun. But then again, the difference
> between "big footgun" and "very big footgun" is not that important,
> either way it needs to be clear to users that this is a scary red
> button.
Yeah, with your patch we're half-way there. Might as well do the whole thing
but again, this is only my opinion. Probably should hear what others have to
say first...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists