lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250602192714.tfrchuks4jj47iuk@desk>
Date: Mon, 2 Jun 2025 12:27:14 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Khalid Ali <khaliidcaliy@...il.com>, tglx@...utronix.de,
	peterz@...radead.org, jpoimboe@...nel.org, mingo@...hat.com,
	dave.hansen@...ux.intel.com, linux-kernel@...r.kernel.org,
	x86@...nel.org, hpa@...or.com
Subject: Re: [PATCH] kernel/cpu/bugs: log ltf1 mitigation status

On Mon, Jun 02, 2025 at 11:09:42AM +0200, Borislav Petkov wrote:
> On Mon, Jun 02, 2025 at 07:37:06AM +0000, Khalid Ali wrote:
> > Log the L1TF mitigation like other mitigatioons. This one is is the
> > only one that doesn't get logged.
> > 
> > Signed-off-by: Khalid Ali <khaliidcaliy@...il.com>
> > ---
> >  arch/x86/kernel/cpu/bugs.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 7f94e6a5497d..38cb2a1b2849 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -2803,6 +2803,7 @@ static void __init l1tf_apply_mitigation(void)
> >  		return;
> >  	}
> >  
> > +	pr_info("Mitigation: PTE inversion\n");
> >  	setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV);
> >  }
> 
> Pawan, what's the story here?
> 
> There's this stuff further down in that file:
> 
> | #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion"
> |         
> | #if IS_ENABLED(CONFIG_KVM_INTEL)
> | static const char * const l1tf_vmx_states[] = {
> 
> which comes from 2018:
> 
> 72c6d2db64fa ("x86/litf: Introduce vmx status variable")

I don't know the back story, but L1TF does have too many KVM specific
modes. Probably thats why it is separate from the main mitigation. Also the
KVM part can be compiled out for CONFIG_KVM=n (although it is not a common
practice).

> I guess it is about time we made this mitigation also follow the common
> pattern with the mitigation strings and issuing them at the right time?

I will try to combine the KVM part with the main mitigation.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ