Message-ID:
<LV3PR12MB9265E7C013D6BBA5E6FB586C9448A@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Thu, 10 Jul 2025 14:02:56 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Borislav Petkov <bp@...en8.de>
CC: Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra
<peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v6 02/21] cpu: Define attack vectors
> -----Original Message-----
> From: Borislav Petkov <bp@...en8.de>
> Sent: Thursday, July 10, 2025 5:43 AM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Peter Zijlstra <peterz@...radead.org>;
> Josh Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; linux-kernel@...r.kernel.org
> Subject: Re: [PATCH v6 02/21] cpu: Define attack vectors
>
> On Mon, Jul 07, 2025 at 01:32:57PM -0500, David Kaplan wrote:
> > + /* Attack vector controls may come after a ';' */
> > + if (*p++ != ';' ||
> !IS_ENABLED(CONFIG_ARCH_HAS_CPU_ATTACK_VECTORS)) {
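Review bot: the `if` condition quoted above sends two different failures down one branch: a character other than ';' after the global option, and a kernel built without CONFIG_ARCH_HAS_CPU_ATTACK_VECTORS. If the branch body reports an error, consider telling the two cases apart so that a mistyped separator is not confused with an unsupported configuration. Note also that `*p++` advances `p` even when the comparison fails, so `p` should not be relied on inside that branch, and the comment has to be kept in step with whichever separator character is finally chosen.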
>
> Right, so the ; separator causes problems with grub and its shell-like
> grub.cfg file. If I put there:
>
> ... mitigations=auto;no_guest_host
>
> it says
>
> error: can't find command `no_guest_host'.
>
> because it thinks it is a bash command.
>
> We could do
>
> ... 'mitigations=auto;no_guest_host'
>
> but that's non-intuitive and it'll cause problems left'n'right.
>
> Using ':' as a separator instead seems to work so if people agree, I'd switch
> to ':'...
>
Interesting. I would suggest a comma instead, so you have things like "mitigations=auto,no_user_kernel". That's somewhat consistent with the existing 'auto,nosmt' option as well.
Still you would have global options come first, and then the attack vector options. But since commas are already used to separate tokens, that seems cleaner to me.
If you're going to edit the patch directly, just please remember to update the documentation file accordingly too.
Thanks
--David Kaplan
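A sketch of the comma-separated form suggested in the reply above, added here as an example; it is not code from the patch or from the kernel. It shows the one wrinkle of reusing ',': the existing `auto,nosmt` global option already contains a comma, so global options are matched longest first before the attack vector tokens are read. The function name, the tables and the flag values are hypothetical, and only the two vector tokens quoted in the thread are listed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical flag bits for this sketch; not the kernel's definitions. */
enum { OPT_OFF = 1, OPT_AUTO = 2, OPT_NOSMT = 4,
       VEC_NO_USER_KERNEL = 8, VEC_NO_GUEST_HOST = 16 };
struct tok { const char *name; int bit; };

/* Global options, longest first so "auto,nosmt" wins over "auto". */
static const struct tok global_opts[] = {
    { "auto,nosmt", OPT_AUTO | OPT_NOSMT },
    { "auto",       OPT_AUTO },
    { "off",        OPT_OFF },
};
/* Only the two vector tokens that appear in the thread. */
static const struct tok vector_opts[] = {
    { "no_user_kernel", VEC_NO_USER_KERNEL },
    { "no_guest_host",  VEC_NO_GUEST_HOST },
};

/* Match a whole token at s (ended by ',' or NUL); return its length or 0. */
static size_t match(const char *s, const struct tok *t, size_t n, int *bits)
{
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(t[i].name);
        if (!strncmp(s, t[i].name, len) && (s[len] == ',' || s[len] == '\0')) {
            *bits |= t[i].bit;
            return len;
        }
    }
    return 0;
}

/* Parse the value of mitigations=; returns flag bits, or -1 on a bad token. */
int parse_mitigations(const char *arg)
{
    int bits = 0;
    size_t len = match(arg, global_opts, 3, &bits);

    if (!len)
        return -1;          /* a global option must come first */
    arg += len;
    while (*arg == ',') {   /* every further token is a vector control */
        len = match(++arg, vector_opts, 2, &bits);
        if (!len)
            return -1;      /* unknown, misplaced or empty token */
        arg += len;
    }
    return bits;
}
```

Rejecting the whole string on any unknown token keeps a typo from silently leaving a vector's mitigations in an unintended state.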