From: Borislav Petkov <bp@suse.de>
To: speck@linutronix.de
Subject: [MODERATED] Re: GPZv4
Date: Tue, 17 Apr 2018 23:20:26 +0200 [thread overview]
Message-ID: <20180417212026.GG3890@pd.tnic> (raw)
In-Reply-To: <47b619bf-8d07-c465-9017-583cf5ac80ee@redhat.com>
On Tue, Apr 17, 2018 at 05:03:01PM -0400, speck for Jon Masters wrote:
> [my one comment in this email on RHEL, feel free to skip next para]
> Red Hat's perspective is that we need to be "secure by default". I would
> /love/ to be able to leave MD enabled globally on all arches, but in
> order for that to happen, everyone across the industry would have to
I don't think you can do global decisions like that - it should be
per-vendor thing as everything else arch-specific is and we do what the
vendor suggests.
> So we need to close on the following urgently:
>
> 1). What are we going to refer to this as?
> - MDD
> - SSB
> - something else?
>
> In the case of "MDD" it's x86 specific and "enabling" it means you
> disable a feature (MD). To me, that seems to be inverted logic. You
> would set it to "on", "off", or "kernel" (MD only in userspace).
>
> In the case of "SSB" it's more industry wide terminology but it's not
> the Intel term. You would set it to "on", "off", or "userspace".
I for one - and this is just me - see the point of calling it something
vendor- and arch-agnostic so sbb I guess. But whatever, as long as it is
only one name and the logic is spelled out somewhere.
> 2). We need a prctl option for a task to request behavior for SSB. One
> option could be a new PR_SET_MITIGATION where we then have minor
> parameters for additional mitigations that are required later.
I'd look towards other people here for ideas. But prctl() sounds simple
enough to me.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
next prev parent reply other threads:[~2018-04-17 21:20 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 18:26 [MODERATED] GPZv4 Jon Masters
2018-04-17 19:31 ` [MODERATED] GPZv4 Borislav Petkov
2018-04-17 19:56 ` Jon Masters
2018-04-17 20:37 ` Borislav Petkov
2018-04-17 21:03 ` Jon Masters
2018-04-17 21:20 ` Borislav Petkov [this message]
2018-04-17 21:22 ` GPZv4 Thomas Gleixner
2018-04-17 21:25 ` [MODERATED] GPZv4 Jiri Kosina
2018-04-17 21:38 ` Jon Masters
2018-04-17 21:43 ` Jiri Kosina
2018-04-17 22:01 ` GPZv4 Thomas Gleixner
2018-04-17 22:02 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 2:48 ` Konrad Rzeszutek Wilk
2018-04-18 3:44 ` Jon Masters
2018-04-18 4:09 ` Jon Masters
2018-04-18 4:18 ` Jon Masters
2018-04-18 4:56 ` Jon Masters
2018-04-18 7:06 ` Jon Masters
2018-04-18 8:54 ` GPZv4 Thomas Gleixner
2018-04-18 13:22 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:04 ` GPZv4 Thomas Gleixner
2018-04-18 14:07 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:52 ` Konrad Rzeszutek Wilk
2018-04-18 15:02 ` Jon Masters
2018-04-18 21:12 ` Konrad Rzeszutek Wilk
2018-04-18 21:20 ` Jon Masters
2018-04-17 21:36 ` Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180417212026.GG3890@pd.tnic \
--to=bp@suse.de \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.