[PATCH gnupg v14] Disable CPU speculation-related misfeatures
Jacob Bachmeyer
jcb62281 at gmail.com
Fri Jul 11 05:01:03 CEST 2025
On 7/10/25 12:27, Guido Trentalancia wrote:
> On Tue, 08/07/2025 at 20.02 -0500, Jacob Bachmeyer wrote:
>> On 7/8/25 14:38, Guido Trentalancia via Gnupg-devel wrote:
>>> The following new v10 patch has been created to fix a missing
>>> #ifdef
>>> and header file check for the case of L1D cache flushing.
>>> [...]
>> Two major issues, further explained inline below:
>> - You are installing the signal handler incorrectly; this will
>> interfere with other possible uses of SIGBUS.
>> - Your message from configure when testing the option to request
>> L1 cache flushes is misleading.
>> Further, none of this actually *fixes* anything; these are
>> *workarounds* for widespread hardware bugs.
>> Also, have you actually tested this on a machine where the request
>> for L1 cache flushes raises SIGBUS?
> I have tested it with SIGBUS (just boot with "l1d_flush=on", but
> without adding "nosmt"): it needs a 1-second delay in order to properly
> set up the signal handlers before actually logging the error, such
> delay is introduced in v14 patch that follows...
Where is that one-second delay documented as the correct solution to
this problem?
I strongly suspect that there is actually a race condition here and one
second may or may not be sufficient for the race to produce the intended
result in all cases. Creating a loophole on heavily loaded systems
would be very bad.
Also, I see that the correction of the misleading message from configure
has been reverted somehow.
-- Jacob
More information about the Gnupg-devel
mailing list