[PATCH gnupg v10] Disable CPU speculation-related misfeatures
Guido Trentalancia
guido at trentalancia.com
Wed Jul 9 18:41:12 CEST 2025
I have tested it and the logging works flawlessly going to stdout or
stderr.
If you think you can bring improvements, you can modify the code in a
subsequent commit.
I am happy with the current status of the patch, it's simple and it
solves a real security issue.
On Wed, 09/07/2025 at 16.49 +0200, Werner Koch wrote:
> On Tue, 8 Jul 2025 21:38, Guido Trentalancia said:
> > +void sigbus_handler(int signo)
> > +{
> > + if (signo == SIGBUS)
> > + {
> > + log_info ("Warning: Level 1 Data Cache flushing requires the
> > \"nosmt\" boot parameter.\n");
>
> You can't use stdio function in asignal handler! You should also use
> sigaction for better portability. Prooer use of signals in a GnuPG
> component is by using the nPth signal features.
sigaction() is now being used in v11. I am happy with that latest
version, if you think you can bring improvements, you should do that in
subsequent commits.
> > void
> > early_system_init (void)
>
> [...]
> > + log_info ("Warning: cannot catch the SIGBUS signal.\n");
>
> Not in early_system_init. The logging system has not been setupat
> this
> point.
Guido
More information about the Gnupg-devel
mailing list