lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jan 2018 23:55:05 +0100 (CET)
From:   Jiri Kosina <jikos@...nel.org>
To:     Borislav Petkov <bp@...en8.de>
cc:     David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>, Paul Turner <pjt@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Kees Cook <keescook@...gle.com>,
        Rik van Riel <riel@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...capital.net>,
        gnomes@...rguk.ukuu.org.uk, x86@...nel.org,
        thomas.lendacky@....com, Josh Poimboeuf <jpoimboe@...hat.com>
Subject: Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select
 Spectre v2 mitigation

On Tue, 23 Jan 2018, Borislav Petkov wrote:

> > +		mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC :
> > +					 SPECTRE_V2_RETPOLINE_MINIMAL;
> 					^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> but that might not always be an option.

I think we should start recording CFLAGS the kernel has been compiled with 
anyway; doesn't hurt and might come handy when debugging.

/proc/version is probably not the best place ... /proc/cflags?

> And it probably should be a more reliable method which we probably could
> use to detect !retpolined modules too.

That's the vermagic stuff Andi pushed. But that's not really acceptable 
for distros.

Distros have always been in the situation "we let the external modules to 
load, as it'll work when it comes to functionality, but then it's our 
duty/responsibility to explain to 3rd parties that they *really* should 
recompile". Mostly because of security fixes to static inlines, but not 
only that.

So that vermagic patch doesn't really help anything in real world (FWIW 
I've just dropped it from SLE kernel). "Potentially insecure" doesn't mean 
it shouldn't be loaded if the user wishes so. Only "functionally 
incorrect" (which is the kernel ABI compatibility check) should be the 
show stopper.

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ