From: Kees Cook <keescook@chromium.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: "Saripalli, RK" <rsaripal@amd.com>,
linux-kernel@vger.kernel.org, x86@kernel.org, mingo@redhat.com,
bp@alien8.de, hpa@zytor.com, Jonathan Corbet <corbet@lwn.net>,
bsd@redhat.com, Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH v5 1/1] x86/cpufeatures: Implement Predictive Store Forwarding control.
Date: Mon, 10 May 2021 15:09:12 -0700
Message-ID: <202105101508.BC6CC99FAD@keescook>
In-Reply-To: <87h7jagt7g.ffs@nanos.tec.linutronix.de>

On Mon, May 10, 2021 at 11:44:03PM +0200, Thomas Gleixner wrote:
> On Mon, May 10 2021 at 06:10, RK Saripalli wrote:
> > On 5/7/2021 10:13 AM, Thomas Gleixner wrote:
> >> What's wrong with just treating this in the same way in which we treat
> >> all other speculative vulnerabilities and provide a consistent picture
> >> to the user?
> >>
> >> Something like the below. You get the idea.
> >
> > Thomas, thank you very much for the comments.
> >
> > I provided the links to the original patches which treat PSF similar to other
> > speculative vulnerabilities.
> >
> > Could you review them please? The first patch is the cover letter.
> >
> > https://lore.kernel.org/lkml/20210406155004.230790-1-rsaripal@amd.com/
> > https://lore.kernel.org/lkml/20210406155004.230790-2-rsaripal@amd.com/
> > https://lore.kernel.org/lkml/20210406155004.230790-3-rsaripal@amd.com/
> > https://lore.kernel.org/lkml/20210406155004.230790-4-rsaripal@amd.com/
> > https://lore.kernel.org/lkml/20210406155004.230790-5-rsaripal@amd.com/
> > https://lore.kernel.org/lkml/20210406155004.230790-6-rsaripal@amd.com/
>
> They are going into the right direction, i.e. detection and reporting.
>
> Vs. mitigation control the question is whether we need the full
> machinery of prctl/seccomp and so forth especially under the aspect that
> the SSBD mitigation already covers the PSF issue.
>
> So for the start a simple on/off might be good enough.
>
> Kees, any opinions?

I agree: if PSF is a subset of SSBD, there's no need for the additional
machinery.

On a related topic, what happened to Andi's patch to switch the seccomp
defaults? I can't find it now...

--
Kees Cook