| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DDJRFMTS5HX9.3MT8W88VM4U2I@google.com>
Date: Thu, 16 Oct 2025 12:54:03 +0000
From: Brendan Jackman <jackmanb@...gle.com>
To: David Kaplan <david.kaplan@....com>, Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>,
"H . Peter Anvin" <hpa@...or.com>
Cc: Alexander Graf <graf@...zon.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com>,
<linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 07/56] x86/bugs: Reset spectre_v2_user mitigations
On Mon Oct 13, 2025 at 2:33 PM UTC, David Kaplan wrote:
> Add function to reset spectre_v2_user mitigations back to their boot-time
> defaults.
>
> Signed-off-by: David Kaplan <david.kaplan@....com>
> ---
> arch/x86/kernel/cpu/bugs.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 1f56ccb5f641..4ca46f58e384 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -2056,6 +2056,18 @@ static void __init spectre_v2_user_apply_mitigation(void)
> }
> }
>
> +#ifdef CONFIG_DYNAMIC_MITIGATIONS
> +static void spectre_v2_user_reset_mitigation(void)
> +{
> + static_branch_disable(&switch_vcpu_ibpb);
> + static_branch_disable(&switch_mm_always_ibpb);
> + static_branch_disable(&switch_mm_cond_ibpb);
> + spectre_v2_user_stibp = SPECTRE_V2_USER_NONE;
> + spectre_v2_user_ibpb = SPECTRE_V2_USER_NONE;
> + spectre_v2_user_cmd = SPECTRE_V2_USER_CMD_AUTO;
> +}
> +#endif
> +
> static const char * const spectre_v2_strings[] = {
> [SPECTRE_V2_NONE] = "Vulnerable",
> [SPECTRE_V2_RETPOLINE] = "Mitigation: Retpolines",
> @@ -3844,5 +3856,6 @@ void arch_cpu_reset_mitigations(void)
> spectre_v1_reset_mitigation();
> spectre_v2_reset_mitigation();
> retbleed_reset_mitigation();
> + spectre_v2_user_reset_mitigation();
> }
> #endif
I think this might be failing to account for task state? E.g. if a
user boots with spectre_v2=off then we ignore the PR_SPEC_DISABLE calls
that would enable IBPB-on-context-switch for that task. Then if they
enable it via this dynamic interface they probably expect their
PR_SPEC_DISABLE to take effect retroactively. I don't think it will with
the current code, do I have that right?
Powered by blists - more mailing lists