[PATCH gnupg v10] Disable CPU speculation-related misfeatures

Guido Trentalancia guido at trentalancia.com
Wed Jul 9 18:41:12 CEST 2025


I have tested it and the logging works flawlessly going to stdout or
stderr.

If you think you can bring improvements, you can modify the code in a
subsequent commit.

I am happy with the current status of the patch; it's simple and it
solves a real security issue.

On Wed, 09/07/2025 at 16.49 +0200, Werner Koch wrote:
> On Tue,  8 Jul 2025 21:38, Guido Trentalancia said:
> > +void sigbus_handler(int signo)
> > +{
> > +  if (signo == SIGBUS)
> > +    {
> > +      log_info ("Warning: Level 1 Data Cache flushing requires the
> > \"nosmt\" boot parameter.\n");
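Review bot: the log_info call inside sigbus_handler runs in signal context, where only async-signal-safe functions may be called. Have the handler set a volatile sig_atomic_t flag (or emit a fixed string with write(2)) and print the warning from normal code. The handler is also declared without static, so it gets external linkage, and the signo == SIGBUS test is redundant if the function is only ever installed for SIGBUS.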
> 
> You can't use stdio functions in a signal handler!  You should also use
> sigaction for better portability.  Proper use of signals in a GnuPG
> component is by using the nPth signal features.

sigaction() is now being used in v11. I am happy with that latest
version; if you think you can bring improvements, you should do that in
subsequent commits.

> >  void
> >  early_system_init (void)
> 
> [...]
> > +      log_info ("Warning: cannot catch the SIGBUS signal.\n");
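Review bot: the log_info call on the failure path in early_system_init reports that SIGBUS cannot be caught but drops the reason, and it fires at the earliest stage of start-up. Record the failure here (for example in a static flag together with the saved errno) and report it later with the error string, e.g. strerror (errno), so the user can tell why the handler was not installed.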
> 
> Not in early_system_init.  The logging system has not been set up at
> this point.

Guido
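
The pattern discussed in this thread, as an added example that is not part of the thread or of the GnuPG patch: a SIGBUS handler installed with sigaction() that calls only async-signal-safe functions and defers the real warning to normal code. The names on_sigbus, install_sigbus_handler and consume_sigbus_event and the message text are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Written by the handler, read by normal code.  volatile sig_atomic_t is
   the object type the C standard guarantees is safe for this. */
static volatile sig_atomic_t sigbus_pending;

/* Handler: no stdio, no malloc, no logging framework.  write(2) is on the
   POSIX async-signal-safe list; errno is saved because write may set it. */
static void
on_sigbus (int signo)
{
  static const char msg[] = "SIGBUS caught (constructed example message)\n";
  int saved_errno = errno;
  ssize_t rc;

  (void)signo;
  sigbus_pending = 1;
  rc = write (STDERR_FILENO, msg, sizeof msg - 1);
  (void)rc;                     /* Nothing safe to do if the write fails. */
  errno = saved_errno;
}

/* Install the handler with sigaction.  Returns 0 on success, -1 with errno
   set; the caller decides when and how to report a failure. */
int
install_sigbus_handler (void)
{
  struct sigaction sa;

  memset (&sa, 0, sizeof sa);
  sa.sa_handler = on_sigbus;
  sigemptyset (&sa.sa_mask);
  return sigaction (SIGBUS, &sa, NULL);
}

/* Call from normal context once logging is available: returns 1 and clears
   the flag if a SIGBUS was seen since the last call, else 0. */
int
consume_sigbus_event (void)
{
  if (!sigbus_pending)
    return 0;
  sigbus_pending = 0;
  return 1;
}
```

Returning from a handler is only well defined when the signal was sent with raise() or kill(); for a hardware-generated SIGBUS, POSIX leaves the behaviour after the handler returns undefined, so a real handler would terminate or jump out instead.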


