lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <LV3PR12MB9265683629F68724B01E89DB94B22@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Tue, 15 Apr 2025 17:06:16 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Josh Poimboeuf <jpoimboe@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
	Peter Zijlstra <peterz@...radead.org>, Pawan Gupta
	<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
 Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
 Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, Brendan Jackman <jackmanb@...gle.com>, Derek
 Manwaring <derekmn@...zon.com>
Subject: RE: [PATCH v4 17/36] Documentation/x86: Document the new attack
 vector controls

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Josh Poimboeuf <jpoimboe@...nel.org>
> Sent: Tuesday, April 15, 2025 11:48 AM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>;
> Peter Zijlstra <peterz@...radead.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; linux-kernel@...r.kernel.org; Brendan Jackman
> <jackmanb@...gle.com>; Derek Manwaring <derekmn@...zon.com>
> Subject: Re: [PATCH v4 17/36] Documentation/x86: Document the new attack
> vector controls
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Tue, Apr 15, 2025 at 04:10:49PM +0000, Kaplan, David wrote:
> > > I think the note is helpful, it attempts to explain why there are no
> > > X's.  I was just thinking that it seems more logical to put it in
> > > the same column as the others.  And that would also help make it
> > > more clear that yes, the X's are missing.  Which is indeed odd, but it's also the
> reality.
> > >
> >
> > Right, except that the last column is about the cross-thread vector,
> > which is irrelevant for SSB.  All the other notes specifically pertain
> > to SMT leakage.
>
> Ah.  Can we give the column a broader heading like "Notes"?

That's a decent idea.  Maybe a new column would be clearer, and I could just put an asterisk in the Cross-thread column for the issues that otherwise have notes there (just to indicate it's not a simple yes/no like in the others).

>
> > I could put the '(Note 4)' text in every column, but that might be
> > even weirder.  I could also remove SSB entirely from the table since
> > it isn't technically relevant for any of the attack vector controls?
>
> I'm thinking the table should list all the mitigations, regardless of whether they're
> affected by these controls, so the controls are well-defined without any ambiguity.
>

Ok

--David Kaplan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ