| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB926545F84D66CAC25FE73AF294B32@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Mon, 14 Apr 2025 21:20:40 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Josh Poimboeuf <jpoimboe@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, Brendan Jackman <jackmanb@...gle.com>, Derek
Manwaring <derekmn@...zon.com>
Subject: RE: [PATCH v4 18/36] cpu: Define attack vectors
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Josh Poimboeuf <jpoimboe@...nel.org>
> Sent: Thursday, April 10, 2025 1:12 PM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>;
> Peter Zijlstra <peterz@...radead.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; linux-kernel@...r.kernel.org; Brendan Jackman
> <jackmanb@...gle.com>; Derek Manwaring <derekmn@...zon.com>
> Subject: Re: [PATCH v4 18/36] cpu: Define attack vectors
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Mar 10, 2025 at 11:40:05AM -0500, David Kaplan wrote:
> > @@ -3178,8 +3179,38 @@ void __init boot_cpu_hotplug_init(void)
> >
> > #ifdef CONFIG_CPU_MITIGATIONS
> > /*
> > - * These are used for a global "mitigations=" cmdline option for
> > toggling
> > - * optional CPU mitigations.
> > + * All except the cross-thread attack vector are mitigated by default.
> > + * Cross-thread mitigation often requires disabling SMT which is too
> > + expensive
> > + * to be enabled by default.
>
> Cross-thread is *partially* mitigated by default (everything except disabling SMT).
>
Will fix comment
> > +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v) {
> > + if (v < NR_CPU_ATTACK_VECTORS)
> > + return attack_vectors[v];
> > +
> > + WARN_ON_ONCE(v >= NR_CPU_ATTACK_VECTORS);
>
> This can be a WARN_ONCE(), v is already known to be invalid here.
Ack
>
> > static int __init mitigations_parse_cmdline(char *arg) {
> > - if (!strcmp(arg, "off"))
> > - cpu_mitigations = CPU_MITIGATIONS_OFF;
> > - else if (!strcmp(arg, "auto"))
> > - cpu_mitigations = CPU_MITIGATIONS_AUTO;
> > - else if (!strcmp(arg, "auto,nosmt"))
> > - cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
> > - else
> > - pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
> > - arg);
> > + char *s, *p;
> > + int len;
> > +
> > + len = mitigations_parse_global_opt(arg);
> > +
> > + if (cpu_mitigations_off()) {
> > + memset(attack_vectors, 0, sizeof(attack_vectors));
> > + smt_mitigations = SMT_MITIGATIONS_OFF;
> > + } else if (cpu_mitigations_auto_nosmt())
> > + smt_mitigations = SMT_MITIGATIONS_ON;
>
> Kernel coding style wants consistent braces for if-then-else:
>
> if (cpu_mitigations_off()) {
> memset(attack_vectors, 0, sizeof(attack_vectors));
> smt_mitigations = SMT_MITIGATIONS_OFF;
> } else if (cpu_mitigations_auto_nosmt()) {
> smt_mitigations = SMT_MITIGATIONS_ON;
> }
>
Ack
Thanks --David Kaplan
Powered by blists - more mailing lists