| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB9265E26EEEA0670ABF7E9ABE94FC2@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Wed, 12 Feb 2025 15:59:39 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Josh Poimboeuf <jpoimboe@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v3 13/35] x86/bugs: Restructure spectre_v2_user mitigation
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Josh Poimboeuf <jpoimboe@...nel.org>
> Sent: Monday, February 10, 2025 6:54 PM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Peter
> Zijlstra <peterz@...radead.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; linux-kernel@...r.kernel.org
> Subject: Re: [PATCH v3 13/35] x86/bugs: Restructure spectre_v2_user mitigation
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Wed, Jan 08, 2025 at 02:24:53PM -0600, David Kaplan wrote:
> > - if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
> > - retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
> > - if (mode != SPECTRE_V2_USER_STRICT &&
> > - mode != SPECTRE_V2_USER_STRICT_PREFERRED)
> > + if (spectre_v2_user_stibp != SPECTRE_V2_USER_NONE &&
> > + (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
> > + retbleed_mitigation == RETBLEED_MITIGATION_IBPB)) {
>
> This adds a hidden dependency on retbleed_update_mitigation()?
Yeah I guess it does. I'm not sure of a way to cleanly avoid this if the logic is kept as-is, do you think it's ok just to document this dependency explicitly?
The only case I think where this matters is if 'stuff' is selected for retbleed, and then retbleed_update_mitigation decides you can't do that and it has to re-select and may end up with unret or ibpb. That case doesn't even make much sense since 'retbleed=stuff' isn't a mitigation for AMD.
One idea, which would involve changing the logic vs upstream, is that 'retbleed=stuff' should only be allowed on Intel and it should be converted to AUTO on AMD. If that's the case, then there isn't really a hidden dependency anymore since the retbleed mitigation will never change to unret/ibpb during retbleed_update_mitigation(). Thoughts?
>
> Also, that last line should be aligned one more space to the right:
>
> if (spectre_v2_user_stibp != SPECTRE_V2_USER_NONE &&
> (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
> retbleed_mitigation == RETBLEED_MITIGATION_IBPB)) {
Ack
>
> > +static void __init spectre_v2_user_apply_mitigation(void)
> > +{
> > + /* Initialize Indirect Branch Prediction Barrier */
> > + if (boot_cpu_has(X86_FEATURE_IBPB) &&
> > + spectre_v2_user_ibpb != SPECTRE_V2_USER_NONE) {
> > + setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> >
> > -set_mode:
> > - pr_info("%s\n", spectre_v2_user_strings[mode]);
> > + switch (spectre_v2_user_ibpb) {
> > + case SPECTRE_V2_USER_NONE:
> > + break;
>
> This case can't happen, spectre_v2_user_ibpb was already checked for
> !SPECTRE_V2_USER_NONE above.
Ack
Thanks --David Kaplan
Powered by blists - more mailing lists