| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 May 2016 14:44:08 -0700 From: Andy Lutomirski <luto@...capital.net> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Dave Hansen <dave.hansen@...el.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "H. Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org> Subject: Re: [PATCH] [RFC] x86: work around MPX Erratum On Tue, May 3, 2016 at 2:39 PM, Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Tue, May 3, 2016 at 2:31 PM, Andy Lutomirski <luto@...capital.net> wrote: >> >> Having actually read the erratum: how can this affect Linux at all >> under any scenario where user code hasn't already completely >> compromised the kernel? > > If it matches purely on linear address, you will potentially have > interesting situations with people running in virtualized environments > and crashing programs in other virtual containers or the host. If so, how does SMEP help? There's no guarantee that the same linear address in two different VMs has the same U/S bit in the page tables. IOW, I'm having trouble seeing a situation under which SMEP matters and Linux would be affected in the absence of SMEP. --Andy
Powered by blists - more mailing lists