| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB9265D95322DCF678CBA398F294F1A@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Fri, 24 Oct 2025 15:02:42 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
CC: Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>,
Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>, "H . Peter Anvin" <hpa@...or.com>,
Alexander Graf <graf@...zon.com>, Boris Ostrovsky
<boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 15/56] x86/bugs: Reset BHI mitigations
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> Sent: Thursday, October 23, 2025 9:49 PM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Borislav Petkov <bp@...en8.de>; Peter
> Zijlstra <peterz@...radead.org>; Josh Poimboeuf <jpoimboe@...nel.org>; Ingo
> Molnar <mingo@...hat.com>; Dave Hansen <dave.hansen@...ux.intel.com>;
> x86@...nel.org; H . Peter Anvin <hpa@...or.com>; Alexander Graf
> <graf@...zon.com>; Boris Ostrovsky <boris.ostrovsky@...cle.com>; linux-
> kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 15/56] x86/bugs: Reset BHI mitigations
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Oct 13, 2025 at 09:34:03AM -0500, David Kaplan wrote:
> > Add function to reset BHI mitigations back to their boot-time defaults.
> >
> > Signed-off-by: David Kaplan <david.kaplan@....com>
> > ---
> > arch/x86/kernel/cpu/bugs.c | 12 ++++++++++++
> > 1 file changed, 12 insertions(+)
> >
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index e765ac0b9240..67561e5c2154 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -2360,6 +2360,17 @@ static void __init bhi_apply_mitigation(void)
> > setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> > }
> >
> > +#ifdef CONFIG_DYNAMIC_MITIGATIONS
> > +static void bhi_reset_mitigation(void)
> > +{
> > + /* RRSBA already cleared in spectre_v2_reset_mitigation() */
> > + setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_VMEXIT);
> > + setup_clear_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP);
>
> Also needs to reset SPEC_CTRL_BHI_DIS_S in x86_spec_ctrl_base.
>
> An alternative is to add spec_ctrl_reset_mitigation() that resets
> x86_spec_ctrl_base for SPEC_CTRL_MITIGATIONS_MASK. To be consistent with
> reset functions of other mitigations, probably also reset the MSR.
Actually I think it's better if none of the reset functions touch the MSR. That only runs on whatever thread is doing the reset, which is random. The __cpu_update_alternatives() function will later update all speculation related MSRs on all CPUs after new mitigations are selected. This also avoids a window where the MSR setting might be insecure even though a mitigation is not actually changing.
I will add resetting SPEC_CTRL_BHI_DIS_S though, looks like I missed that one.
Thanks
--David Kaplan
Powered by blists - more mailing lists