| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250310164023.779191-1-david.kaplan@amd.com>
Date: Mon, 10 Mar 2025 11:39:47 -0500
From: David Kaplan <david.kaplan@....com>
To: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar
<mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
<x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>
CC: <linux-kernel@...r.kernel.org>, Brendan Jackman <jackmanb@...gle.com>,
Derek Manwaring <derekmn@...zon.com>
Subject: [PATCH v4 00/36] Attack vector controls
This series restructures arch/x86/kernel/cpu/bugs.c and proposes new
command line options to make it easier to control which CPU mitigations
are applied. These options select relevant mitigations based on chosen
attack vectors, which are hopefully easier for users to understand.
There are two parts to this patch series:
The first 16 patches restructure the existing mitigation selection logic
to use a uniform set of functions. First, the "select" function is
called for each mitigation to select an appropriate mitigation. Unless
a mitigation is explicitly selected or disabled with a command line
option, the default mitigation is AUTO and the "select" function will
then choose the best mitigation. After the "select" function is called
for each mitigation, some mitigations define an "update" function which
can be used to update the selection, based on the choices made by other
mitigations. Finally, the "apply" function is called which enables the
chosen mitigation.
This structure simplifies the mitigation control logic, especially when
there are dependencies between multiple vulnerabilities. It also
prepares the code for the second set of patches.
The rest of the patches define new "attack vector" options
to make it easier to select appropriate mitigations based on the usage
of the system. While many users may not be intimately familiar with the
details of these CPU vulnerabilities, they are likely better able to
understand the intended usage of their system. As a result, unneeded
mitigations may be disabled, allowing users to recoup more performance.
New documentation is included with recommendations on what to consider
when choosing which attack vectors to enable/disable.
In this series, attack vector options are chosen using the mitigations=
command line. Attack vectors may be individually disabled such as
'mitigations=auto;no_user_kernel,no_user_user'. The 'mitigations=off'
option is equivalent to disabling all attack vectors. 'mitigations=off'
therefore disables all mitigations, unless bug-specific command line
options are used to re-enable some.
Note that this patch series does not change any of the existing
mitigation defaults.
Changes in v4:
- New command line interface for attack vector selection
- Rework of smt mitigations into on/auto/off
- Print mitigated attack vectors in dmesg and sysfs
- Various bug fixes and clean up
Changes in v3:
- Moved command line options to be x86-only
- Fix bugs related to ucode detection for taa/mmio/rfds
- Various clean up
Changes in v2:
- Removed new enum, just use X86_BUG* to identify vulnerabilities
- Mitigate gds if cross-thread protection is selected as pointed out
by Andrew Cooper
- Simplifications around verw-based mitigation handling
- Various bug fixes
David Kaplan (36):
x86/bugs: Restructure mds mitigation
x86/bugs: Restructure taa mitigation
x86/bugs: Restructure mmio mitigation
x86/bugs: Restructure rfds mitigation
x86/bugs: Remove md_clear_*_mitigation()
x86/bugs: Restructure srbds mitigation
x86/bugs: Restructure gds mitigation
x86/bugs: Restructure spectre_v1 mitigation
x86/bugs: Only allow retbleed=stuff on Intel
x86/bugs: Restructure retbleed mitigation
x86/bugs: Restructure spectre_v2_user mitigation
x86/bugs: Restructure bhi mitigation
x86/bugs: Restructure spectre_v2 mitigation
x86/bugs: Restructure ssb mitigation
x86/bugs: Restructure l1tf mitigation
x86/bugs: Restructure srso mitigation
Documentation/x86: Document the new attack vector controls
cpu: Define attack vectors
x86/Kconfig: Arch attack vector support
x86/bugs: Determine relevant vulnerabilities based on attack vector
controls.
x86/bugs: Add attack vector controls for mds
x86/bugs: Add attack vector controls for taa
x86/bugs: Add attack vector controls for mmio
x86/bugs: Add attack vector controls for rfds
x86/bugs: Add attack vector controls for srbds
x86/bugs: Add attack vector controls for gds
x86/bugs: Add attack vector controls for spectre_v1
x86/bugs: Add attack vector controls for retbleed
x86/bugs: Add attack vector controls for spectre_v2_user
x86/bugs: Add attack vector controls for bhi
x86/bugs: Add attack vector controls for spectre_v2
x86/bugs: Add attack vector controls for l1tf
x86/bugs: Add attack vector controls for srso
x86/pti: Add attack vector controls for pti
x86/bugs: Print enabled attack vectors
cpu: Show attack vectors in sysfs
.../hw-vuln/attack_vector_controls.rst | 236 +++
Documentation/admin-guide/hw-vuln/index.rst | 1 +
arch/Kconfig | 3 +
arch/x86/Kconfig | 1 +
arch/x86/include/asm/processor.h | 1 +
arch/x86/kernel/cpu/bugs.c | 1302 ++++++++++-------
arch/x86/kvm/vmx/vmx.c | 2 +
arch/x86/mm/pti.c | 4 +-
drivers/base/cpu.c | 67 +
include/linux/cpu.h | 20 +
kernel/cpu.c | 129 +-
11 files changed, 1248 insertions(+), 518 deletions(-)
create mode 100644 Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
--
2.34.1
Powered by blists - more mailing lists