RE: [PATCH v4 17/36] Documentation/x86: Document the new attack vector controls
From: Kaplan, David
Date: Tue Apr 15 2025 - 12:10:57 EST
> -----Original Message-----
> From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> Sent: Tuesday, April 15, 2025 10:32 AM
> To: Kaplan, David <David.Kaplan@xxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>; Borislav Petkov <bp@xxxxxxxxx>;
> Peter Zijlstra <peterz@xxxxxxxxxxxxx>; Pawan Gupta
> <pawan.kumar.gupta@xxxxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>; Dave
> Hansen <dave.hansen@xxxxxxxxxxxxxxx>; x86@xxxxxxxxxx; H . Peter Anvin
> <hpa@xxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx; Brendan Jackman
> <jackmanb@xxxxxxxxxx>; Derek Manwaring <derekmn@xxxxxxxxxx>
> Subject: Re: [PATCH v4 17/36] Documentation/x86: Document the new attack
> vector controls
>
> On Tue, Apr 15, 2025 at 02:59:32PM +0000, Kaplan, David wrote:
> > > > > > +BHI X X
> > > > > > +GDS X X X X (Note 1)
> > > > > > +L1TF X X (Note 2)
> > > > > > +MDS X X X X (Note 2)
> > > > > > +MMIO X X X X (Note 2)
> > > > > > +Meltdown X
> > > > > > +Retbleed X X (Note 3)
> > > > > > +RFDS X X X X
> > > > > > +Spectre_v1 X
> > > > > > +Spectre_v2 X X
> > > > > > +Spectre_v2_user X X (Note 1)
> > > > > > +SRBDS X X X X
> > > > > > +SRSO X X
> > > > > > +SSB (Note 4)
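Review bot: The SSB row at the end of this table carries only "(Note 4)" and no X in any column, so the table alone does not tell a reader whether the empty cells are intentional or an omission. Consider stating next to the table that a row with no X means no mitigation is applied by default under any attack vector, and keep Note 4 as the pointer to the explanation for SSB.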
> > > > >
> > > > > Any reason not to put the "Note 4" in the same column as the others?
> > > > >
> > > >
> > > > The other notes are about cross-thread mitigation specifically and
> > > > those notes refer to the SMT aspects of those issues.
> > > >
> > > > Note 4 in this case is about the SSB vulnerability itself,
> > > > explaining that by default there is no mitigation for any case. I
> > > > was concerned that including SSB but without any X's in any of the
> > > > columns would be confusing, so the note attempted to explain that
> > > > there were no default mitigations for SSB under any attack vector.
> > >
> > > Putting the note there makes it a lot harder to see it. And I think
> > > the lack of X's is accurate, no?
> > >
> >
> > It is, it's just rather unique compared to the other bugs. I could
> > remove the note entirely, but I was concerned that might look odd
> > because it'd be the only bug that isn't mitigated under any of the
> > attack vectors. And that's really just because the current default is
> > not to mitigate that one.
>
> I think the note is helpful, it attempts to explain why there are no X's. I was just
> thinking that it seems more logical to put it in the same column as the others. And
> that would also help make it more clear that yes, the X's are missing. Which is
> indeed odd, but it's also the reality.
>
Right, except that the last column is about the cross-thread vector, which is irrelevant for SSB. All the other notes specifically pertain to SMT leakage.
I could put the '(Note 4)' text in every column, but that might be even weirder. I could also remove SSB entirely from the table since it isn't technically relevant for any of the attack vector controls?
--David Kaplan