| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jan 2018 16:44:15 -0800
From: Andi Kleen <ak@...ux.intel.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "Woodhouse, David" <dwmw@...zon.co.uk>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"tim.c.chen@...ux.intel.com" <tim.c.chen@...ux.intel.com>,
"peterz@...radead.org" <peterz@...radead.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"riel@...hat.com" <riel@...hat.com>,
"keescook@...gle.com" <keescook@...gle.com>,
"gnomes@...rguk.ukuu.org.uk" <gnomes@...rguk.ukuu.org.uk>,
"pjt@...gle.com" <pjt@...gle.com>,
"dave.hansen@...el.com" <dave.hansen@...el.com>,
"luto@...capital.net" <luto@...capital.net>,
"jikos@...nel.org" <jikos@...nel.org>,
"gregkh@...ux-foundation.org" <gregkh@...ux-foundation.org>
Subject: Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows
on context switch
> So I was really hoping that in places like context switching etc, we'd
> be able to instead effectively kill off any exploits by clearing
> registers.
>
> That should make it pretty damn hard to then find a matching "gadget"
> that actually does anything interesting/powerful.
>
> Together with Spectre already being pretty hard to take advantage of,
> and the eBPF people making those user-proivided gadgets inaccessible,
> it really should be a pretty powerful fix.
>
> Hmm?
Essentially the RSB are hidden registers, and the only way to clear them
is the FILL_RETURN_BUFFER sequence. I don't see how clearing anything else
would help?
-Andi
Powered by blists - more mailing lists