| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251009053336.ghcmhgsprtkgydas@desk> Date: Wed, 8 Oct 2025 22:33:36 -0700 From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com> To: Josh Poimboeuf <jpoimboe@...nel.org> Cc: Borislav Petkov <bp@...en8.de>, "Kaplan, David" <David.Kaplan@....com>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>, Klaus Kusche <klaus.kusche@...puterix.info>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] x86/bugs: Qualify RETBLEED_INTEL_MSG On Tue, Oct 07, 2025 at 05:14:29PM -0700, Josh Poimboeuf wrote: > On Tue, Oct 07, 2025 at 04:08:21PM -0700, Pawan Gupta wrote: > > On Wed, Oct 08, 2025 at 12:12:29AM +0200, Borislav Petkov wrote: > > > On Tue, Oct 07, 2025 at 11:22:57AM -0700, Pawan Gupta wrote: > > > > IMO, rather than targeting the mitigation enabling code it might make more > > > > sense to compile out the actual mitigations scattered accross the kernel. > > > > This may also improve performance by reducing the code footprint, and can > > > > also help getting a cleaner disassembly. > > Isn't that what CONFIG_CPU_MITIGATIONS=n already does today? Not entirely, looking at entry_64.o for example, I see 243 NOPs with CONFIG_CPU_MITIGATIONS=n. I suspect a lot of them are due to ALTERNATIVEs for mitigations. In the same file, clear_bhb_loop() is not compliled out and adds ~160 bytes. Another example is process.c which still contains below functions: 0000000000000000 <speculation_ctrl_update_tif>: 00000000000008b0 <speculative_store_bypass_ht_init>: 0000000000000980 <speculation_ctrl_update>: 0000000000000c30 <speculation_ctrl_update_current>: > > > Probably... however, it needs to be done smartly because sprinkling ifdeffery > > > and turning what is an already unreadable mess into a bigger abomination, > > > won't fly. Perhaps split out the mitigations glue into separate compilation > > > units and build-disable them... we'll see. > > > > Ya, that would be better. > > On a sort of related note, it's confusing that there are two completely > different classes of MITIGATION options which get conflated: > > 1) compile the kernel with support for certain mitigations: > > MITIGATION_RETPOLINE > MITIGATION_RETHUNK > MITIGATION_PAGE_TABLE_ISOLATION > MITIGATION_UNRET_ENTRY > MITIGATION_CALL_DEPTH_TRACKING > MITIGATION_IBPB_ENTRY > MITIGATION_IBRS_ENTRY > MITIGATION_SRSO > MITIGATION_SLS > > 2) enable bug-specific runtime defaults: > > MITIGATION_GDS > MITIGATION_RFDS > MITIGATION_SPECTRE_BHI > MITIGATION_MDS > MITIGATION_TAA > MITIGATION_MMIO_STALE_DATA > MITIGATION_L1TF > MITIGATION_RETBLEED > MITIGATION_SPECTRE_V1 > MITIGATION_SPECTRE_V2 > MITIGATION_SRBDS > MITIGATION_SSB > MITIGATION_ITS > MITIGATION_TSA > MITIGATION_VMSCAPE > > In general, #1 uglify the kernel. And some #2 depend on #1. > > IMO, we should rename the #1 options. For example: > > MITIGATION_RETPOLINE -> X86_UGLY_INDIRECT_THUNKS > MITIGATION_RETHUNK -> X86_UGLY_RETURN_THUNKS > > etc... > > Then one only needs to grep their .config file for UGLY to understand > why their disassembly is so inscrutable ;-) :-) Agree, this is ugly. One way to handle this could be two levels of Kconfig options like below: * CONFIG_MITIGATION_FOO - Compiles out the mitigation * CONFIG_MITIGATION_FOO_DEFAULT - Sets the bootup default select X86_UGLY_INDIRECT_THUNKS Then supporting mitigation like INDIRECT_THUNKS would only be enabled if there is a dependent mitigation enabled.
Powered by blists - more mailing lists