| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<LV3PR12MB92654784A9E2D5E5639B875394FAA@LV3PR12MB9265.namprd12.prod.outlook.com>
Date: Wed, 29 Oct 2025 13:48:03 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Borislav Petkov <bp@...en8.de>
CC: Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra
<peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, Pawan Gupta
<pawan.kumar.gupta@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Dave
Hansen <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "H .
Peter Anvin" <hpa@...or.com>, Alexander Graf <graf@...zon.com>, Boris
Ostrovsky <boris.ostrovsky@...cle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations
[AMD Official Use Only - AMD Internal Distribution Only]
> -----Original Message-----
> From: Borislav Petkov <bp@...en8.de>
> Sent: Wednesday, October 29, 2025 6:57 AM
> To: Kaplan, David <David.Kaplan@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>; Peter Zijlstra <peterz@...radead.org>;
> Josh Poimboeuf <jpoimboe@...nel.org>; Pawan Gupta
> <pawan.kumar.gupta@...ux.intel.com>; Ingo Molnar <mingo@...hat.com>; Dave
> Hansen <dave.hansen@...ux.intel.com>; x86@...nel.org; H . Peter Anvin
> <hpa@...or.com>; Alexander Graf <graf@...zon.com>; Boris Ostrovsky
> <boris.ostrovsky@...cle.com>; linux-kernel@...r.kernel.org
> Subject: Re: [RFC PATCH 04/56] x86/bugs: Reset spectre_v1 mitigations
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> On Mon, Oct 13, 2025 at 09:33:52AM -0500, David Kaplan wrote:
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 6a526ae1fe99..9d5c6a3e50e1 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -46,6 +46,8 @@
> > * may want to change based on other choices
> > * made. This function is optional.
> > * <vuln>_apply_mitigation() -- Enable the selected mitigation.
> > + * <vuln>_reset_mitigation() -- Undo's the apply_mitigation step, this is used
>
> "Undoes" no?
Yes, will fix
>
> > + * with runtime mitigation patching.
> > *
> > * The compile-time mitigation in all cases should be AUTO. An explicit
> > * command-line option can override AUTO. If no such option is
> > @@ -1247,6 +1249,15 @@ static void __init spectre_v1_apply_mitigation(void)
> > pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]);
> > }
> >
> > +#ifdef CONFIG_DYNAMIC_MITIGATIONS
> > +static void spectre_v1_reset_mitigation(void)
> > +{
> > + setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER);
> > + setup_clear_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL);
> > + spectre_v1_mitigation = SPECTRE_V1_MITIGATION_AUTO;
> > +}
> > +#endif
>
> Right, let's see in the end what is easier: we have the cross-dependencies
> between mitigations so having separate "undo" functions might require them to
> run in reverse order to the "apply" functions. I can imagine a single "undo"
> function would be easier because you have everything in one place.
>
> We'll see.
>
We have cross-dependencies around the *selection* of mitigations, but not around the application of them. There is no ordering requirement around the *_apply_mitigation() functions. As such I would not expect (and have not observed) any ordering requirements around the reset functions.
--David Kaplan
Powered by blists - more mailing lists