From: Andi Kleen <ak@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v5 00/27] MDSv5 19
Date: Mon, 21 Jan 2019 17:14:17 -0800 [thread overview]
Message-ID: <20190122011417.GQ6118@tassilo.jf.intel.com> (raw)
In-Reply-To: <CAHk-=wgfjmE7998sVjb9ZnESkPL4i=955voabC59kFW33OvWVA@mail.gmail.com>
On Tue, Jan 22, 2019 at 10:18:05AM +1300, speck for Linus Torvalds wrote:
> On Tue, Jan 22, 2019 at 8:54 AM speck for Andi Kleen
> <speck@linutronix.de> wrote:
> >
> > mds: Mark interrupts clear cpu, unless opted-out
> > mds: Clear cpu on all timers, unless the timer opts-out
> > mds: Clear CPU on tasklets, unless opted-out
> > mds: Clear CPU on irq poll, unless opted-out
>
> I do wonder if this should just be opt-in instead of opt-out?
>
> Just what is the attack vector, and what's the interrupt/timer data
The attack vector is usually a copy. The string instructions can leave
data in places that are not overwritten by normal integer code.
> that is so sensitive? It strikes me as a really hard thing to try to
Part of it was being conservative. I don't really know from what
context that data the timer process came from. But yes most of the
time it's just some meta data, like pointers. But if it copies
user data then it could well be leaked.
The rationale for the opt-out was that it's hard and difficult to audit
all the driver code.
I can audit kernel/* and yes for that part opt-out would make more sense.
But with being conservative and having simple rules and don't make
too much assumptions about unaudited code we can make
a good case that the default policy is safe enough for near everyone
and they don't need mds=full
I'm open to other proposals:
In theory we could have a different default for different
directories with some Makefile trickery, but that might be confusing?
Or could try to find some semi automated way to audit copies
in timers in drivers/* and do opt-in, but that's likely a substantial project.
It would also need to be repeated for backports and out of tree.
Thoughts?
-Andi
next prev parent reply other threads:[~2019-01-22 1:14 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-19 0:50 [MODERATED] [PATCH v5 00/27] MDSv5 19 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 01/27] MDSv5 26 Andi Kleen
2019-01-22 4:17 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 12:46 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 02/27] MDSv5 14 Andi Kleen
2019-01-22 4:20 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 12:51 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 03/27] MDSv5 16 Andi Kleen
2019-01-22 4:23 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 12:55 ` Thomas Gleixner
2019-01-27 21:58 ` Thomas Gleixner
2019-01-28 3:30 ` [MODERATED] " Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 04/27] MDSv5 15 Andi Kleen
2019-01-22 4:33 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 12:59 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 05/27] MDSv5 21 Andi Kleen
2019-01-22 4:35 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 13:01 ` Thomas Gleixner
2019-02-21 12:06 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 06/27] MDSv5 18 Andi Kleen
2019-01-21 22:41 ` [MODERATED] " Josh Poimboeuf
2019-01-22 1:16 ` Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 07/27] MDSv5 0 Andi Kleen
2019-01-22 4:39 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-27 22:09 ` Thomas Gleixner
2019-01-28 3:33 ` [MODERATED] " Andi Kleen
2019-01-28 8:29 ` Thomas Gleixner
2019-02-13 22:26 ` [MODERATED] " Tyler Hicks
2019-01-19 0:50 ` [MODERATED] [PATCH v5 08/27] MDSv5 13 Andi Kleen
2019-01-22 4:40 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 09/27] MDSv5 23 Andi Kleen
2019-01-22 4:56 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 7:26 ` Greg KH
2019-01-22 13:07 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 10/27] MDSv5 7 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 11/27] MDSv5 2 Andi Kleen
2019-01-22 13:11 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 12/27] MDSv5 6 Andi Kleen
2019-01-22 14:01 ` Thomas Gleixner
2019-01-22 15:42 ` Thomas Gleixner
2019-01-22 18:01 ` [MODERATED] " Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 13/27] MDSv5 17 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 14/27] MDSv5 3 Andi Kleen
2019-01-22 4:48 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 15:58 ` Thomas Gleixner
2019-01-22 17:57 ` Thomas Gleixner
2019-01-23 1:35 ` [MODERATED] " Andi Kleen
2019-01-23 9:27 ` Thomas Gleixner
2019-01-23 16:02 ` [MODERATED] " Andi Kleen
2019-01-23 22:40 ` Josh Poimboeuf
2019-01-23 22:57 ` Josh Poimboeuf
2019-01-24 0:25 ` Josh Poimboeuf
2019-01-24 2:26 ` Andi Kleen
2019-01-24 12:04 ` Thomas Gleixner
2019-01-28 3:42 ` [MODERATED] " Andi Kleen
2019-01-28 8:33 ` Thomas Gleixner
2019-02-16 2:00 ` [MODERATED] " Andi Kleen
2019-02-16 10:32 ` Thomas Gleixner
2019-02-16 16:58 ` [MODERATED] " Andi Kleen
2019-02-16 17:12 ` Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 15/27] MDSv5 1 Andi Kleen
2019-01-22 4:48 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 16/27] MDSv5 10 Andi Kleen
2019-01-22 4:54 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-22 7:33 ` Greg KH
2019-01-19 0:50 ` [MODERATED] [PATCH v5 17/27] MDSv5 9 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 18/27] MDSv5 8 Andi Kleen
2019-01-22 5:07 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 19/27] MDSv5 12 Andi Kleen
2019-01-22 5:09 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 20/27] MDSv5 27 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 21/27] MDSv5 20 Andi Kleen
2019-01-22 5:11 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 22/27] MDSv5 24 Andi Kleen
2019-01-21 21:24 ` [MODERATED] " Linus Torvalds
2019-01-22 1:22 ` Andi Kleen
2019-01-22 16:09 ` Thomas Gleixner
2019-01-22 17:56 ` [MODERATED] " Andi Kleen
2019-01-22 18:56 ` Thomas Gleixner
2019-01-23 1:39 ` [MODERATED] " Andi Kleen
2019-01-23 6:39 ` Greg KH
2019-01-24 9:55 ` Thomas Gleixner
2019-01-19 0:50 ` [MODERATED] [PATCH v5 23/27] MDSv5 22 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 24/27] MDSv5 5 Andi Kleen
2019-01-21 21:20 ` [MODERATED] " Linus Torvalds
2019-01-19 0:50 ` [MODERATED] [PATCH v5 25/27] MDSv5 4 Andi Kleen
2019-01-22 5:15 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-01-19 0:50 ` [MODERATED] [PATCH v5 26/27] MDSv5 11 Andi Kleen
2019-01-19 0:50 ` [MODERATED] [PATCH v5 27/27] MDSv5 25 Andi Kleen
2019-01-21 21:18 ` [MODERATED] Re: [PATCH v5 00/27] MDSv5 19 Linus Torvalds
2019-01-22 1:14 ` Andi Kleen [this message]
2019-01-22 7:38 ` Greg KH
2019-01-28 11:34 ` Thomas Gleixner
2019-02-13 22:33 ` [MODERATED] " Tyler Hicks
2019-02-14 13:09 ` Jiri Kosina
2019-02-14 13:51 ` Greg KH
2019-02-14 16:53 ` Andi Kleen
2019-02-14 18:00 ` Greg KH
2019-02-14 18:05 ` Andrew Cooper
2019-02-14 18:33 ` Andi Kleen
2019-02-14 18:52 ` Greg KH
2019-02-14 19:50 ` Andi Kleen
2019-02-15 7:06 ` Greg KH
2019-02-15 13:06 ` Andi Kleen
2019-02-19 12:12 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190122011417.GQ6118@tassilo.jf.intel.com \
--to=ak@linux.intel.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.