* [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
@ 2023-02-03 12:06 Breno Leitao
  2023-06-09 17:33 ` Borislav Petkov
  2023-06-10 22:37 ` Thomas Gleixner
  0 siblings, 2 replies; 20+ messages in thread
From: Breno Leitao @ 2023-02-03 12:06 UTC (permalink / raw)
  To: tglx, bp, pawan.kumar.gupta, paul; +Cc: leit, x86, linux-kernel

Right now it is not possible to disable CPU vulnerabilities mitigations
at build time. Mitigation needs to be disabled by passing kernel
parameters, such as 'mitigations=off'.

Create a new config option (CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) that
sets the global variable `cpu_mitigations` to OFF, instead of AUTO. This
allows the creation of kernel binaries that boot with the CPU
mitigations turned off by default, and does not require dealing with
kernel parameters.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 kernel/cpu.c     |  7 +++++--
 security/Kconfig | 11 +++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 6c0a92ca6bb5..90afb29eb62f 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -2727,8 +2727,11 @@ enum cpu_mitigations {
 	CPU_MITIGATIONS_AUTO_NOSMT,
 };
 
-static enum cpu_mitigations cpu_mitigations __ro_after_init =
-	CPU_MITIGATIONS_AUTO;
+#ifdef CONFIG_CPU_MITIGATIONS_DEFAULT_OFF
+static enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_OFF;
+#else
+static enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
+#endif
 
 static int __init mitigations_parse_cmdline(char *arg)
 {
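
Review bot: the #ifdef/#else in this hunk repeats the whole
cpu_mitigations definition only to change its initializer, so the type
and the __ro_after_init annotation now have to be kept in sync in two
places. A single definition with a constant initializer avoids that,
for example "static enum cpu_mitigations cpu_mitigations __ro_after_init =
IS_ENABLED(CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) ? CPU_MITIGATIONS_OFF :
CPU_MITIGATIONS_AUTO;". A short comment above it saying that this only
sets the default, and that mitigations_parse_cmdline() below is still
the way to override it, would make the intent clear to the next reader.
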
diff --git a/security/Kconfig b/security/Kconfig
index e6db09a779b7..644f91b6c26a 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -258,6 +258,17 @@ config LSM
 
 	  If unsure, leave this as the default.
 
+config CPU_MITIGATIONS_DEFAULT_OFF
+	bool "Disable mitigations for CPU vulnerabilities by default"
+	default n
+	help
+	  This option disables mitigations for CPU vulnerabilities by default.
+	  Disabling CPU mitigations improves system performance,
+	  but it may also expose users to several CPU vulnerabilities.
+	  This option has the same effect of passing `mitigations=off` kernel
+	  parameter. The CPU mitigations could be enabled back using the
+	  'mitigations' parameter.
+
 source "security/Kconfig.hardening"
 
 endmenu
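
Review bot: the help text of the new CPU_MITIGATIONS_DEFAULT_OFF entry
says the mitigations "could be enabled back using the 'mitigations'
parameter" but does not name a value; spell out mitigations=auto (and
auto,nosmt) so that someone handed such a binary knows what to boot
with. In the same entry, "has the same effect of passing" should read
"has the same effect as passing", and "default n" can be dropped since
that is already the default for a bool. Because the option flips a
security default that would otherwise be visible on the command line,
the help text should also say plainly that a kernel built this way
boots unmitigated with no parameter present.
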
-- 
2.30.2



* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-02-03 12:06 [PATCH] cpu/bugs: Disable CPU mitigations at compilation time Breno Leitao
@ 2023-06-09 17:33 ` Borislav Petkov
  2023-06-12 11:22   ` David Laight
  2023-06-10 22:37 ` Thomas Gleixner
  1 sibling, 1 reply; 20+ messages in thread
From: Borislav Petkov @ 2023-06-09 17:33 UTC (permalink / raw)
  To: Breno Leitao; +Cc: tglx, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Fri, Feb 03, 2023 at 04:06:15AM -0800, Breno Leitao wrote:
> Right now it is not possible to disable CPU vulnerabilities mitigations
> at build time. Mitigation needs to be disabled by passing kernel
> parameters, such as 'mitigations=off'.
> 
> Create a new config option (CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) that
> sets the global variable `cpu_mitigations` to OFF, instead of AUTO. This
> allows the creation of kernel binaries that boot with the CPU
> mitigations turned off by default, and does not require dealing with
> kernel parameters.

What's the real-life use case for this?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-02-03 12:06 [PATCH] cpu/bugs: Disable CPU mitigations at compilation time Breno Leitao
  2023-06-09 17:33 ` Borislav Petkov
@ 2023-06-10 22:37 ` Thomas Gleixner
  2023-06-12 12:54   ` Breno Leitao
  1 sibling, 1 reply; 20+ messages in thread
From: Thomas Gleixner @ 2023-06-10 22:37 UTC (permalink / raw)
  To: Breno Leitao, bp, pawan.kumar.gupta, paul; +Cc: leit, x86, linux-kernel

On Fri, Feb 03 2023 at 04:06, Breno Leitao wrote:
> Right now it is not possible to disable CPU vulnerabilities mitigations
> at build time. Mitigation needs to be disabled by passing kernel
> parameters, such as 'mitigations=off'.
>
> Create a new config option (CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) that
> sets the global variable `cpu_mitigations` to OFF, instead of AUTO. This
> allows the creation of kernel binaries that boot with the CPU
> mitigations turned off by default, and does not require dealing with
> kernel parameters.

Why? What's the justification?

Just because we do not have enough kernel config items yet, does not
count.

Thanks,

        tglx


* RE: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-09 17:33 ` Borislav Petkov
@ 2023-06-12 11:22   ` David Laight
  2023-06-12 11:51     ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: David Laight @ 2023-06-12 11:22 UTC (permalink / raw)
  To: 'Borislav Petkov', Breno Leitao
  Cc: tglx@linutronix.de, pawan.kumar.gupta@linux.intel.com,
	paul@paul-moore.com, leit@meta.com, x86@kernel.org,
	linux-kernel@vger.kernel.org

From: Borislav Petkov
> Sent: 09 June 2023 18:34
> 
> On Fri, Feb 03, 2023 at 04:06:15AM -0800, Breno Leitao wrote:
> > Right now it is not possible to disable CPU vulnerabilities mitigations
> > at build time. Mitigation needs to be disabled by passing kernel
> > parameters, such as 'mitigations=off'.
> >
> > Create a new config option (CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) that
> > sets the global variable `cpu_mitigations` to OFF, instead of AUTO. This
> > allows the creation of kernel binaries that boot with the CPU
> > mitigations turned off by default, and does not require dealing with
> > kernel parameters.
> 
> What's the real-life use case for this?

I can definitely justify compiling them all out.
For instance embedded systems with limited userspace and
(pretty much) everything running as root.

Compiling them out gives better code than patching them out
during boot.
I've stopped updating an LTS kernel because I really don't
want/need any of the mitigations - especially the ones
associated with 'ret' instructions.
They are far more pervasive than the ones for indirect jumps.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 11:22   ` David Laight
@ 2023-06-12 11:51     ` Borislav Petkov
  2023-06-12 12:16       ` David Laight
  0 siblings, 1 reply; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 11:51 UTC (permalink / raw)
  To: David Laight
  Cc: Breno Leitao, tglx@linutronix.de,
	pawan.kumar.gupta@linux.intel.com, paul@paul-moore.com,
	leit@meta.com, x86@kernel.org, linux-kernel@vger.kernel.org

On Mon, Jun 12, 2023 at 11:22:15AM +0000, David Laight wrote:
> I can definitely justify compiling them all out.
> For instance embedded systems with limited userspace and
> (pretty much) everything running as root.

Nothing's stopping you from adding "mitigations=off" to your grub
config.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* RE: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 11:51     ` Borislav Petkov
@ 2023-06-12 12:16       ` David Laight
  2023-06-12 13:27         ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: David Laight @ 2023-06-12 12:16 UTC (permalink / raw)
  To: 'Borislav Petkov'
  Cc: Breno Leitao, tglx@linutronix.de,
	pawan.kumar.gupta@linux.intel.com, paul@paul-moore.com,
	leit@meta.com, x86@kernel.org, linux-kernel@vger.kernel.org

From: Borislav Petkov
> Sent: 12 June 2023 12:52
> 
> On Mon, Jun 12, 2023 at 11:22:15AM +0000, David Laight wrote:
> > I can definitely justify compiling them all out.
> > For instance embedded systems with limited userspace and
> > (pretty much) everything running as root.
> 
> Nothing's stopping you from adding "mitigations=off" to your grub
> config.

I do (and I compile without page table separation),
but some of the run-time patched versions are not as 'good'
as compiling the code out.
It might just be some nops, but maybe it is worse.
This can be particularly true for new mitigations.

	David


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-10 22:37 ` Thomas Gleixner
@ 2023-06-12 12:54   ` Breno Leitao
  2023-06-12 13:32     ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: Breno Leitao @ 2023-06-12 12:54 UTC (permalink / raw)
  To: Thomas Gleixner; +Cc: bp, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Sun, Jun 11, 2023 at 12:37:34AM +0200, Thomas Gleixner wrote:
> On Fri, Feb 03 2023 at 04:06, Breno Leitao wrote:
> > Right now it is not possible to disable CPU vulnerabilities mitigations
> > at build time. Mitigation needs to be disabled by passing kernel
> > parameters, such as 'mitigations=off'.
> >
> > Create a new config option (CONFIG_CPU_MITIGATIONS_DEFAULT_OFF) that
> > sets the global variable `cpu_mitigations` to OFF, instead of AUTO. This
> > allows the creation of kernel binaries that boot with the CPU
> > mitigations turned off by default, and does not require dealing with
> > kernel parameters.
> 
> Why? What's the justification?

There are two major justifications from my point of view:

1) We keep consistency with other CONFIG options. Linux already has a
CONFIG option to enable/disable mitigations for speculations
(CONFIG_SPECULATION_MITIGATIONS), so, this will be a similar one.

2) There are companies that have different kernel flavours (different
CONFIG options basically), for different types of workloads, and a
machine can change their kernel flavors a few times a day.  I.e., for
a specific workload, it boots in flavor X since it works the best.
Mitigation enabled/disabled is key to some of these flavors.

I would like to see a flavor as self-contained in a binary that I can
mix and match. Right now they are not, since for some kernel
flavours, you need to add kernel command lines (mitigations=off), which
requires some hard logic, mainly when you are dealing with kexec and
grub.


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 12:16       ` David Laight
@ 2023-06-12 13:27         ` Borislav Petkov
  0 siblings, 0 replies; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 13:27 UTC (permalink / raw)
  To: David Laight
  Cc: Breno Leitao, tglx@linutronix.de,
	pawan.kumar.gupta@linux.intel.com, paul@paul-moore.com,
	leit@meta.com, x86@kernel.org, linux-kernel@vger.kernel.org

On Mon, Jun 12, 2023 at 12:16:19PM +0000, David Laight wrote:
> I do (and I compile without page table separation),
> but some of the run-time patched versions are not as 'good'
> as compiling the code out.
> It might just be some nops, but maybe it is worse.

"might", schmight, ... other statements without proof...

If you want me to take you seriously, explain in detail the problem.
Otherwise, I can keep on ignoring you.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 12:54   ` Breno Leitao
@ 2023-06-12 13:32     ` Borislav Petkov
  2023-06-12 13:46       ` Breno Leitao
  0 siblings, 1 reply; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 13:32 UTC (permalink / raw)
  To: Breno Leitao
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 05:54:56AM -0700, Breno Leitao wrote:
> 1) We keep consistency with other CONFIG options. Linux already has a
> CONFIG option to enable/disable mitigations for speculations
> (CONFIG_SPECULATION_MITIGATIONS), so, this will be a similar one.

So you can get what you want by disabling all those options there,
right?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 13:32     ` Borislav Petkov
@ 2023-06-12 13:46       ` Breno Leitao
  2023-06-12 13:53         ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: Breno Leitao @ 2023-06-12 13:46 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 03:32:30PM +0200, Borislav Petkov wrote:
> On Mon, Jun 12, 2023 at 05:54:56AM -0700, Breno Leitao wrote:
> > 1) We keep consistency with other CONFIG options. Linux already has a
> > CONFIG option to enable/disable mitigations for speculations
> > (CONFIG_SPECULATION_MITIGATIONS), so, this will be a similar one.
> 
> So you can get what you want by disabling all those options there,
> right?

This patch proposes creating CONFIG_CPU_MITIGATIONS_DEFAULT_OFF that
will turn all the mitigations off in a binary, which is the same as
passing mitigations=off in the command line when the kernel boots.

Setting CONFIG_SPECULATION_MITIGATIONS=n does *not* disable all the
mitigations, as, there are some mitigations that are *not* disabled when
you pass CONFIG_SPECULATION_MITIGATIONS=n. As an example (from my
memory - need to double check in 6.4), MDS and TAA mitigations are not
disabled when CONFIG_SPECULATION_MITIGATIONS=n. MDS and TAA mitigations
are disabled when `mitigations=off` parameter is passed, tho.


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 13:46       ` Breno Leitao
@ 2023-06-12 13:53         ` Borislav Petkov
  2023-06-12 14:16           ` Breno Leitao
  0 siblings, 1 reply; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 13:53 UTC (permalink / raw)
  To: Breno Leitao
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 06:46:16AM -0700, Breno Leitao wrote:
> MDS and TAA mitigations are disabled when `mitigations=off` parameter
> is passed, tho.

So add them to that menu.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 13:53         ` Borislav Petkov
@ 2023-06-12 14:16           ` Breno Leitao
  2023-06-12 16:08             ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: Breno Leitao @ 2023-06-12 14:16 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 03:53:01PM +0200, Borislav Petkov wrote:
> On Mon, Jun 12, 2023 at 06:46:16AM -0700, Breno Leitao wrote:
> > MDS and TAA mitigations are disabled when `mitigations=off` parameter
> > is passed, tho.
> 
> So add them to that menu.

Sorry, to what menu specifically?


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 14:16           ` Breno Leitao
@ 2023-06-12 16:08             ` Borislav Petkov
  2023-06-12 16:37               ` Breno Leitao
  2023-06-12 18:06               ` Randy Dunlap
  0 siblings, 2 replies; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 16:08 UTC (permalink / raw)
  To: Breno Leitao
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 07:16:18AM -0700, Breno Leitao wrote:
> Sorry, to what menu specifically?

CONFIG_SPECULATION_MITIGATIONS

It even has the proper text in there, warning people.

menuconfig SPECULATION_MITIGATIONS
        bool "Mitigations for speculative execution vulnerabilities"
        default y
        help
          Say Y here to enable options which enable mitigations for
          speculative execution hardware vulnerabilities.

          If you say N, all mitigations will be disabled. You really
          should know what you are doing to say so.


-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 16:08             ` Borislav Petkov
@ 2023-06-12 16:37               ` Breno Leitao
  2023-06-12 17:05                 ` Borislav Petkov
  2023-06-12 17:26                 ` Thomas Gleixner
  2023-06-12 18:06               ` Randy Dunlap
  1 sibling, 2 replies; 20+ messages in thread
From: Breno Leitao @ 2023-06-12 16:37 UTC (permalink / raw)
  To: Borislav Petkov, pawan.kumar.gupta
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 06:08:07PM +0200, Borislav Petkov wrote:
> On Mon, Jun 12, 2023 at 07:16:18AM -0700, Breno Leitao wrote:
> > Sorry, to what menu specifically?
> 
> CONFIG_SPECULATION_MITIGATIONS
> 
> It even has the proper text in there, warning people.
> 
> menuconfig SPECULATION_MITIGATIONS
>         bool "Mitigations for speculative execution vulnerabilities"
>         default y
>         help
>           Say Y here to enable options which enable mitigations for
>           speculative execution hardware vulnerabilities.

I am not sure if these bugs (MDS, TAA) are speculations related. Pawan
could help us here.


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 16:37               ` Breno Leitao
@ 2023-06-12 17:05                 ` Borislav Petkov
  2023-06-13 16:02                   ` Breno Leitao
  2023-06-12 17:26                 ` Thomas Gleixner
  1 sibling, 1 reply; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 17:05 UTC (permalink / raw)
  To: Breno Leitao
  Cc: pawan.kumar.gupta, Thomas Gleixner, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 09:37:07AM -0700, Breno Leitao wrote:
> I am not sure if these bugs (MDS, TAA) are speculations related. Pawan
> could help us here.

"Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access..."

"TAA is a hardware vulnerability that allows unprivileged speculative
access to data which is available in various CPU..."

That's all in the tree.

Your grep no workie?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 16:37               ` Breno Leitao
  2023-06-12 17:05                 ` Borislav Petkov
@ 2023-06-12 17:26                 ` Thomas Gleixner
  1 sibling, 0 replies; 20+ messages in thread
From: Thomas Gleixner @ 2023-06-12 17:26 UTC (permalink / raw)
  To: Breno Leitao, Borislav Petkov, pawan.kumar.gupta
  Cc: pawan.kumar.gupta, paul, leit, x86, linux-kernel

On Mon, Jun 12 2023 at 09:37, Breno Leitao wrote:
> On Mon, Jun 12, 2023 at 06:08:07PM +0200, Borislav Petkov wrote:
>> On Mon, Jun 12, 2023 at 07:16:18AM -0700, Breno Leitao wrote:
>> > Sorry, to what menu specifically?
>> 
>> CONFIG_SPECULATION_MITIGATIONS
>> 
>> It even has the proper text in there, warning people.
>> 
>> menuconfig SPECULATION_MITIGATIONS
>>         bool "Mitigations for speculative execution vulnerabilities"
>>         default y
>>         help
>>           Say Y here to enable options which enable mitigations for
>>           speculative execution hardware vulnerabilities.
>
> I am not sure if these bugs (MDS, TAA) are speculations related. Pawan
> could help us here.

 https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html

might answer your question.


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 16:08             ` Borislav Petkov
  2023-06-12 16:37               ` Breno Leitao
@ 2023-06-12 18:06               ` Randy Dunlap
  2023-06-12 18:13                 ` Borislav Petkov
  1 sibling, 1 reply; 20+ messages in thread
From: Randy Dunlap @ 2023-06-12 18:06 UTC (permalink / raw)
  To: Borislav Petkov, Breno Leitao
  Cc: Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86, linux-kernel



On 6/12/23 09:08, Borislav Petkov wrote:
> On Mon, Jun 12, 2023 at 07:16:18AM -0700, Breno Leitao wrote:
>> Sorry, to what menu specifically?
> 
> CONFIG_SPECULATION_MITIGATIONS
> 
> It even has the proper text in there, warning people.
> 
> menuconfig SPECULATION_MITIGATIONS
>         bool "Mitigations for speculative execution vulnerabilities"
>         default y
>         help
>           Say Y here to enable options which enable mitigations for
>           speculative execution hardware vulnerabilities.
> 
>           If you say N, all mitigations will be disabled. You really
>           should know what you are doing to say so.

I would say:                         doing to say No.

Was there a typo there?

thanks.
-- 
~Randy


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 18:06               ` Randy Dunlap
@ 2023-06-12 18:13                 ` Borislav Petkov
  0 siblings, 0 replies; 20+ messages in thread
From: Borislav Petkov @ 2023-06-12 18:13 UTC (permalink / raw)
  To: Randy Dunlap
  Cc: Breno Leitao, Thomas Gleixner, pawan.kumar.gupta, paul, leit, x86,
	linux-kernel

On Mon, Jun 12, 2023 at 11:06:35AM -0700, Randy Dunlap wrote:
> >           If you say N, all mitigations will be disabled. You really
> >           should know what you are doing to say so.
> 
> I would say:                         doing to say No.
> 
> Was there a typo there?

I don't think so - it reads right to me this way too. Yours would simply
make it more explicit but the "so" is the "N" at the beginning of the
sentence:

"You really should know what you're doing to say so, i.e., the N".

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-12 17:05                 ` Borislav Petkov
@ 2023-06-13 16:02                   ` Breno Leitao
  2023-06-13 16:20                     ` Borislav Petkov
  0 siblings, 1 reply; 20+ messages in thread
From: Breno Leitao @ 2023-06-13 16:02 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: pawan.kumar.gupta, Thomas Gleixner, paul, leit, x86, linux-kernel

On Mon, Jun 12, 2023 at 07:05:32PM +0200, Borislav Petkov wrote:
> On Mon, Jun 12, 2023 at 09:37:07AM -0700, Breno Leitao wrote:
> > I am not sure if these bugs (MDS, TAA) are speculations related. Pawan
> > could help us here.
> 
> "Microarchitectural Data Sampling is a hardware vulnerability which allows
> unprivileged speculative access..."
> 
> "TAA is a hardware vulnerability that allows unprivileged speculative
> access to data which is available in various CPU..."

 Is it OK if I send a patch that would disable these mitigations if
CONFIG_SPECULATION_MITIGATIONS is set to "no"?

Thank you!


* Re: [PATCH] cpu/bugs: Disable CPU mitigations at compilation time
  2023-06-13 16:02                   ` Breno Leitao
@ 2023-06-13 16:20                     ` Borislav Petkov
  0 siblings, 0 replies; 20+ messages in thread
From: Borislav Petkov @ 2023-06-13 16:20 UTC (permalink / raw)
  To: Breno Leitao
  Cc: pawan.kumar.gupta, Thomas Gleixner, paul, leit, x86, linux-kernel

On Tue, Jun 13, 2023 at 09:02:50AM -0700, Breno Leitao wrote:
>  Is it OK if I send a patch that would disable these mitigations if
> CONFIG_SPECULATION_MITIGATIONS is set to "no"?

Isn't this the direction we're going to?

So yes, I was suggesting exactly that - add those mitigations to that
submenu so that they can be controlled with config options too, like the
others.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
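
The thread discusses three switches for the same state: the mitigations=
parameter, CONFIG_SPECULATION_MITIGATIONS, and the proposed build-time
default, which would leave nothing on the command line. The following is an
added example, not code from the thread or the kernel tree, that audits the
state the kernel reports in sysfs and compares it with the command line; the
function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not kernel or thread code). Function names are hypothetical;
# the sysfs directory and the mitigations= parameter are the kernel's own.

# Print the value of the last mitigations= word in a command line, or "unset".
# The last occurrence is kept, on the assumption that a later one overrides.
cmdline_mitigations() {
    value=unset
    set -f                       # no glob expansion while word-splitting $1
    for word in $1; do
        case $word in
            mitigations=*) value=${word#mitigations=} ;;
        esac
    done
    set +f
    printf '%s\n' "$value"
}

# Print the name of every file in DIR whose first line starts with
# "Vulnerable". "Mitigation: ...; SMT vulnerable" is deliberately not matched.
list_vulnerable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=
        IFS= read -r state < "$f" || true
        case $state in
            Vulnerable*) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# One-line verdict from the reported state (DIR) and the boot command line.
audit_mitigations() {
    param=$(cmdline_mitigations "$2")
    vulnerable=$(list_vulnerable "$1" | tr '\n' ' ')
    vulnerable=${vulnerable% }
    if [ -z "$vulnerable" ]; then
        echo "OK: nothing reports Vulnerable (mitigations=$param)"
    elif [ "$param" = off ]; then
        echo "CMDLINE: mitigations=off explains: $vulnerable"
    else
        echo "UNEXPLAINED: (mitigations=$param) $vulnerable"
    fi
}

# Constructed sample data in the layout of the sysfs directory.
make_sample_dir() {
    dir=$(mktemp -d) || return 1
    printf 'Vulnerable; SMT vulnerable\n'  > "$dir/mds"
    printf 'Vulnerable\n'                  > "$dir/tsx_async_abort"
    printf 'Mitigation: Retpolines; SMT vulnerable\n' > "$dir/spectre_v2"
    printf 'Not affected\n'                > "$dir/meltdown"
    printf '%s\n' "$dir"
}

case ${1:-demo} in
    live) audit_mitigations /sys/devices/system/cpu/vulnerabilities \
              "$(cat /proc/cmdline)" ;;
    demo) sample=$(make_sample_dir)
          audit_mitigations "$sample" "BOOT_IMAGE=/vmlinuz ro quiet"
          rm -rf "$sample" ;;
esac
```

Run it with `live` as the first argument to check the booted kernel. An
UNEXPLAINED verdict is what a build-time default would produce, and it also
covers per-bug parameters or missing microcode, so it is a prompt to inspect
the kernel's build config rather than a diagnosis.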
