lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID:
 <LV3PR12MB9265BC33F465DB7D2735290394C22@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Wed, 26 Feb 2025 22:18:51 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
CC: Josh Poimboeuf <jpoimboe@...nel.org>, Borislav Petkov <bp@...en8.de>,
	Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
	"x86@...nel.org" <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v3 20/35] x86/bugs: Define attack vectors

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> Sent: Wednesday, February 26, 2025 4:13 PM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Josh Poimboeuf <jpoimboe@...nel.org>; Borislav Petkov <bp@...en8.de>;
> Thomas Gleixner <tglx@...utronix.de>; Peter Zijlstra <peterz@...radead.org>; Ingo
> Molnar <mingo@...hat.com>; Dave Hansen <dave.hansen@...ux.intel.com>;
> x86@...nel.org; H . Peter Anvin <hpa@...or.com>; linux-kernel@...r.kernel.org
> Subject: Re: [PATCH v3 20/35] x86/bugs: Define attack vectors
>
>
> > But we could also combine that with mitigations=selective perhaps with
> > tokens like 'mitigate_smt' (enable all relevant SMT mitigations
> > including disabling SMT if needed) or 'no_mitigate_smt' (do not enable
> > any SMT mitigation).  If no token is specified, then we'd default to
> > the behavior today where SMT won't be disabled but other mitigations get applied.
> > Then everything is in one option.
>
> Agree.
>
> > If we like that, then a related question then, do we agree that
> > 'mitigations=off' should be equivalent to
> >
> 'mitigations=selective,no_user_kernel,no_user_user,no_guest_host,no_guest_gues
> t,no_mitigate_smt'?
> >
> > If so, and we're ok with individual bug cmdlines overriding this, then
> > I think we can get rid of cpu_mitigations_off() and just rely on the
> > attack vectors as Josh was suggesting.
>
> Does that mean to stop supporting "mitigations=off"?

No.  I'm saying that mitigations=off would be equivalent to the above command line.  The <vuln>_select_mitigation() functions wouldn't have to call cpu_mitigations_off() anymore, they'd just naturally chose no mitigation because no attack vectors would be selected.

--David Kaplan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ