Bugzilla – Bug 1217857
VUL-0: CVE-2024-2193: GhostRace: Exploiting and Mitigating Speculative Race Conditions
Last modified: 2024-05-27 14:45:46 UTC
CRD: 2024-03-03
new CRD: 2024-03-12
https://bugzilla.suse.com/show_bug.cgi?id=1220398 related public CVE bug for sys_membarrier (that was used to slow down the system)
AFAIU there won't be any specific fixes being released for this one? The sys_membarrier one should have already been fixed by jiri slaby?
my understanding is that the paper recommends an lfence after the locking primitives?
(In reply to Marcus Meissner from comment #8) > my understanding is that the paper recommends an lfence after the locking > primitives? Yes, however: AMD recommends simply following best practices for Spectre v1: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html As per researcher's own disclosure page: > The Linux kernel developers have no immediate plans to implement our proposed > serialization of synchronization primitives due to performance concerns. So I'd say we should close this issue as won't fix/invalid.
How do we proceed with this one ?
https://www.vusec.net/projects/ghostrace/ To be very frank, I would like to have the lfence mitigation for the spinlocks. Should we discuss this with SUSE kernel team?
(In reply to Marcus Meissner from comment #11) > https://www.vusec.net/projects/ghostrace/ > > To be very frank, I would like to have the lfence mitigation for the > spinlocks. > > Should we discuss this with SUSE kernel team? Yes discuss it and I will vehemently oppose it.
I cosnide the topic closed. Shall we closed as resolved/invalid/won't fix already ?
Shall we get this closed once and for all ?
currently we are not planning to put in additional fixes for this issue.