| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <LV3PR12MB926564CC5E88E16CE373185694E8A@LV3PR12MB9265.namprd12.prod.outlook.com> Date: Wed, 15 Oct 2025 13:53:31 +0000 From: "Kaplan, David" <David.Kaplan@....com> To: Aaron Rainbolt <arraybolt3@...il.com> CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>, Alexander Graf <graf@...zon.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [RFC PATCH 00/56] Dynamic mitigations [AMD Official Use Only - AMD Internal Distribution Only] > -----Original Message----- > From: Aaron Rainbolt <arraybolt3@...il.com> > Sent: Tuesday, October 14, 2025 11:11 PM > To: Kaplan, David <David.Kaplan@....com> > Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Peter > Zijlstra <peterz@...radead.org>; Josh Poimboeuf <jpoimboe@...nel.org>; Pawan > Gupta <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; > Dave Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin > <hpa@...or.com>; Alexander Graf <graf@...zon.com>; Boris Ostrovsky > <boris.ostrovsky@...cle.com>; linux-kernel@...r.kernel.org > Subject: Re: [RFC PATCH 00/56] Dynamic mitigations > > On Mon, 13 Oct 2025 09:33:48 -0500 > David Kaplan <david.kaplan@....com> wrote: > > > Dynamic mitigations enables changing the kernel CPU security > > mitigations at runtime without a reboot/kexec. > > > > Previously, mitigation choices had to be made on the kernel cmdline. > > With this feature an administrator can select new mitigation choices > > by writing a sysfs file, after which the kernel will re-patch itself > > based on the new mitigations. > > > > As the performance cost of CPU mitigations can be significant, > > selecting the right set of mitigations is important to achieve the > > correct balance of performance/security. > > > > Use > > --- > > As described in the supplied documentation file, new mitigations are > > selected by writing cmdline options to a new sysfs file. Only cmdline > > options related to mitigations are recognized via this interface. All > > previous mitigation-related cmdline options are ignored and > > selections are done based on the new options. > > > > Examples: > > echo "mitigations=off" > /sys/devices/system/cpu/mitigations > > echo "spectre_v2=retpoline tsa=off" > > > /sys/devices/system/cpu/mitigations > > If `root` is capable of setting `mitigations=off` via this interface, > doesn't that somewhat defeat the purpose of denying `/proc/kcore` > access in lockdown confidentiality mode? Assuming one is running on a > CPU with some form of side-channel memory read vulnerability (which they > very likely are), they can turn off all mitigations, then read kernel > memory via one of those exploits. > > There should be a one-way switch to allow denying all further writes to > this interface, so that once the system's mitigations are set properly, > any further attempts to change them until the next reboot can be > prevented. > That's a good idea, there could be a separate mitigation_lock file perhaps that once written to 1 denies any further changes. Thanks --David Kaplan
Powered by blists - more mailing lists