lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aCiM9BebdBUEBK3E@gmail.com>
Date: Sat, 17 May 2025 15:19:48 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Dave Hansen <dave.hansen@...el.com>
Cc: David Kaplan <david.kaplan@....com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Borislav Petkov <bp@...en8.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/bugs: Restructure ITS mitigation


* Dave Hansen <dave.hansen@...el.com> wrote:

> On 5/16/25 12:32, David Kaplan wrote:
> > Restructure the ITS mitigation to use select/update/apply functions like
> > the other mitigations.
> > 
> > There is a particularly complex interaction between ITS and Retbleed as CDT
> > (Call Depth Tracking) is a mitigation for both, and either its=stuff or
> > retbleed=stuff will attempt to enable CDT.
> > 
> > retbleed_update_mitigation() runs first and will check the necessary
> > pre-conditions for CDT if either ITS or Retbleed stuffing is selected.  If
> > checks pass and ITS stuffing is selected, it will select stuffing for
> > Retbleed as well.
> > 
> > its_update_mitigation() runs after and will either select stuffing if
> > retbleed stuffing was enabled, or fall back to the default (aligned thunks)
> > if stuffing could not be enabled.
> > 
> > Enablement of CDT is done exclusively in retbleed_apply_mitigation().
> > its_apply_mitigation() is only used to enable aligned thunks.
> 
> This seems to be explaining what is going on, but there isn't a clear
> problem that this is fixing.
> 
> Why does this need restructuring?

All other mitigations have the following methods:

  static void __init bhi_select_mitigation(void);
  static void __init bhi_update_mitigation(void);
  static void __init bhi_apply_mitigation(void);

(The _update() method is optional.)

Except the freshly added ITS mitigation breaks this pattern, which has 
all this functionality in a single function:

  static void __init its_select_mitigation(void);

David's patch refactors the recently added ITS code to follow the 
existing pattern of all the other mitigation methods:

  static void __init its_select_mitigation(void);
  static void __init its_update_mitigation(void);
  static void __init its_apply_mitigation(void);

This makes it easier to read if you know the other mitigations already, 
and makes it easier to maintain going forward.

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ