Re: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls

From: Josh Poimboeuf
Date: Mon Apr 14 2025 - 19:51:21 EST

Next message: Cal Peake: "Re: [STABLE] 6.12.23: vfio error (was: arch/x86/coco/tdx/tdx.c build error)"
Previous message: Junxuan Liao: "Re: [PATCH] x86/tracing: introduce enter/exit tracepoint pairs for page faults"
In reply to: Kaplan, David: "RE: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls"
Next in thread: Kaplan, David: "RE: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 14, 2025 at 09:15:54PM +0000, Kaplan, David wrote:
> [AMD Official Use Only - AMD Internal Distribution Only]
>
> > -----Original Message-----
> > From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> > Sent: Thursday, April 10, 2025 1:15 PM
> > To: Kaplan, David <David.Kaplan@xxxxxxx>
> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>;
> > Peter Zijlstra <peterz@xxxxxxxxxxxxx>; Pawan Gupta
> > <pawan.kumar.gupta@xxxxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Dave
> > Hansen <dave.hansen@xxxxxxxxxxxxxxx>; x86@xxxxxxxxxx; H . Peter Anvin
> > <hpa@xxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; Brendan Jackman
> > <jackmanb@xxxxxxxxxx>; Derek Manwaring <derekmn@xxxxxxxxxx>
> > Subject: Re: [PATCH v4 17/36] Documentation/x86: Document the new attack
> > vector controls
> >
> > Caution: This message originated from an External Source. Use proper caution
> > when opening attachments, clicking links, or responding.
> >
> >
> > On Mon, Mar 10, 2025 at 11:40:04AM -0500, David Kaplan wrote:
> > > +=============== ============== ============ =============
> > ============== ============
> > > +Vulnerability User-to-Kernel User-to-User Guest-to-Host Guest-to-Guest
> > Cross-Thread
> > > +=============== ============== ============ =============
> > ============== ============
> > > +BHI X X
> > > +GDS X X X X (Note 1)
> > > +L1TF X X (Note 2)
> > > +MDS X X X X (Note 2)
> > > +MMIO X X X X (Note 2)
> > > +Meltdown X
> > > +Retbleed X X (Note 3)
> > > +RFDS X X X X
> > > +Spectre_v1 X
> > > +Spectre_v2 X X
> > > +Spectre_v2_user X X (Note 1)
> > > +SRBDS X X X X
> > > +SRSO X X
> > > +SSB (Note 4)
> >
> > Any reason not to put the "Note 4" in the same column as the others?
> >
>
> The other notes are about cross-thread mitigation specifically and those notes refer to the SMT aspects of those issues.
>
> Note 4 in this case is about the SSB vulnerability itself, explaining
> that by default there is no mitigation for any case. I was concerned
> that including SSB but without any X's in any of the columns would be
> confusing, so the note attempted to explain that there were no default
> mitigations for SSB under any attack vector.

Putting the note there makes it a lot harder to see it. And I think the
lack of X's is accurate, no?

--
Josh

Next message: Cal Peake: "Re: [STABLE] 6.12.23: vfio error (was: arch/x86/coco/tdx/tdx.c build error)"
Previous message: Junxuan Liao: "Re: [PATCH] x86/tracing: introduce enter/exit tracepoint pairs for page faults"
In reply to: Kaplan, David: "RE: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls"
Next in thread: Kaplan, David: "RE: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]