lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130501172030.GA8609@thunk.org>
Date:	Wed, 1 May 2013 13:20:31 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Borislav Petkov <bp@...en8.de>,
	Andy Lutomirski <luto@...capital.net>,
	linux-kernel@...r.kernel.org, x86@...nel.org,
	Andrew Lutomirski <luto@....edu>
Subject: Re: [PATCH v5] x86: Enable fast strings on Intel if BIOS hasn't
 already

On Wed, May 01, 2013 at 09:42:30AM -0700, H. Peter Anvin wrote:
> The erratum reads seriously, but it only affects crossings between pages
> of different page types, which is rare in itself.  WT and WP are not
> even used in Linux; the UC case we end up doing 8-byte stores instead of
> the proper size, which is wrong, but for the case where the user is
> malicious the user could just do that directly, and it seems extremely
> hard to envision a scenario where someone would do that intentionally.

Yeah, I wasn't so much worried about a malicious user as much as a
situation where the you're trying to debug a mysterious and
hard-to-reproduce failure, start tearing your hair out, and wondering
whether you're going insane or the compiler hates you and is out to
get you and you start staring at assembly code to try to figure out
how some piece of memory got mysteriously corrupted....

					- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ