lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAPM31R+gc0=kuNStS=775tL=fWFJFtrxF7En17onmK6v6MUXCw@mail.gmail.com>
Date:   Wed, 3 Jan 2018 17:00:26 -0800
From:   Paul Turner <pjt@...gle.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andi Kleen <andi@...stfloor.org>, tglx@...uxtronix.de,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        "Woodhouse, David" <dwmw@...zon.co.uk>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Dave Hansen <dave.hansen@...el.com>
Subject: Re: Avoid speculative indirect calls in kernel

On Wed, Jan 3, 2018 at 3:51 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@...stfloor.org> wrote:
>> This is a fix for Variant 2 in
>> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>>
>> Any speculative indirect calls in the kernel can be tricked
>> to execute any kernel code, which may allow side channel
>> attacks that can leak arbitrary kernel data.
>
> Why is this all done without any configuration options?
>
> A *competent* CPU engineer would fix this by making sure speculation
> doesn't happen across protection domains. Maybe even a L1 I$ that is
> keyed by CPL.
>
> I think somebody inside of Intel needs to really take a long hard look
> at their CPU's, and actually admit that they have issues instead of
> writing PR blurbs that say that everything works as designed.
>
> .. and that really means that all these mitigation patches should be
> written with "not all CPU's are crap" in mind.
>
> Or is Intel basically saying "we are committed to selling you shit
> forever and ever, and never fixing anything"?
>
> Because if that's the case, maybe we should start looking towards the
> ARM64 people more.
>
> Please talk to management. Because I really see exactly two possibibilities:
>
>  - Intel never intends to fix anything
>
> OR
>
>  - these workarounds should have a way to disable them.
>
> Which of the two is it?
>
>                    Linus

With all of today's excitement these raced slightly with a post we are
making explaining the technique and its application.
The modifications are mostly at the compiler level, to produce
binaries which can safely execute on an affected target.
(Discussing how such a binary could be cross-compiled for vulnerable
and non-vulnerable targets is an interesting discussion, but right
now, all targets are obviously vulnerable.)

Let me finish getting the post up and I'll bring back more context here.

- Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ