| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250418161721.1855190-1-david.kaplan@amd.com> Date: Fri, 18 Apr 2025 11:17:05 -0500 From: David Kaplan <david.kaplan@....com> To: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com> CC: <linux-kernel@...r.kernel.org> Subject: [PATCH v5 00/16] Attack vector controls (part 1) This is an updated version of the first half of the attack vector series which focuses on restructuring arch/x86/kernel/cpu/bugs.c. For more info the attack vector series, please see v4 at https://lore.kernel.org/all/20250310164023.779191-1-david.kaplan@amd.com/. These patches restructure the existing mitigation selection logic to use a uniform set of functions. First, the "select" function is called for each mitigation to select an appropriate mitigation. Unless a mitigation is explicitly selected or disabled with a command line option, the default mitigation is AUTO and the "select" function will then choose the best mitigation. After the "select" function is called for each mitigation, some mitigations define an "update" function which can be used to update the selection, based on the choices made by other mitigations. Finally, the "apply" function is called which enables the chosen mitigation. This structure simplifies the mitigation control logic, especially when there are dependencies between multiple vulnerabilities. This is mostly code restructuring without functional changes, except where noted. Compared to v4 this only includes bug fixes/cleanup. David Kaplan (16): x86/bugs: Restructure MDS mitigation x86/bugs: Restructure TAA mitigation x86/bugs: Restructure MMIO mitigation x86/bugs: Restructure RFDS mitigation x86/bugs: Remove md_clear_*_mitigation() x86/bugs: Restructure SRBDS mitigation x86/bugs: Restructure GDS mitigation x86/bugs: Restructure spectre_v1 mitigation x86/bugs: Allow retbleed=stuff only on Intel x86/bugs: Restructure retbleed mitigation x86/bugs: Restructure spectre_v2_user mitigation x86/bugs: Restructure BHI mitigation x86/bugs: Restructure spectre_v2 mitigation x86/bugs: Restructure SSB mitigation x86/bugs: Restructure L1TF mitigation x86/bugs: Restructure SRSO mitigation arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 1112 +++++++++++++++++------------- arch/x86/kvm/vmx/vmx.c | 2 + 3 files changed, 644 insertions(+), 471 deletions(-) base-commit: 33aa28024418782f644d8924026f1db21b3354a6 -- 2.34.1
Powered by blists - more mailing lists