lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+i-1C2B-xupi4cRT-AGMegYepUxhaJ89iG_J+Toa6z-Axp3uQ@mail.gmail.com>
Date: Mon, 10 Feb 2025 17:13:51 +0100
From: Brendan Jackman <jackmanb@...gle.com>
To: David Kaplan <david.kaplan@....com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, 
	Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, 
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H . Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 04/35] x86/bugs: Restructure mds mitigation

On Wed, 8 Jan 2025 at 21:27, David Kaplan <david.kaplan@....com> wrote:
> +/*
> + * Speculation Vulnerability Handling
> + *
> + * Each vulnerability is handled with the following functions:
> + *   <vuln>_select_mitigation() -- Selects a mitigation to use.  This should
> + *                                take into account all relevant command line
> + *                                options.
> + *   <vuln>_update_mitigation() -- This is called after all vulnerabilities have
> + *                                selected a mitigation, in case the selection
> + *                                may want to change based on other choices
> + *                                made.  This function is optional.
> + *   <vuln>_apply_mitigation() -- Enable the selected mitigation.

Maybe also worth calling out cpu_bugs_smt_update() here?

> +/* Return TRUE if any VERW-based mitigation is enabled. */
> +static bool __init verw_mitigation_enabled(void)
> +{
> +       return (mds_mitigation != MDS_MITIGATION_OFF ||
> +               (taa_mitigation != TAA_MITIGATION_OFF &&
> +                taa_mitigation != TAA_MITIGATION_TSX_DISABLED) ||
> +               mmio_mitigation != MMIO_MITIGATION_OFF ||
> +               rfds_mitigation != RFDS_MITIGATION_OFF);
> +}

Since you defined such nice terminology above, why not use it here and
say verw_mitigation_selected()?

(Obviously if the alternative was a respin for this trivial issue
alone I would prefer to merge with the current name!)

> +static void __init mds_update_mitigation(void)
> +{
> +       if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off())
> +               return;
> +
> +       /* If TAA, MMIO, or RFDS are being mitigated, MDS gets mitigated too. */
> +       if (verw_mitigation_enabled()) {
> +               if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
> +                       mds_mitigation = MDS_MITIGATION_FULL;
> +               else
> +                       mds_mitigation = MDS_MITIGATION_VMWERV;
> +       }

This is changing what the user will see in sysfs. This seems good to
me, but it would be worth calling it out in the commit log I think.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ