Date: Wed, 3 Jan 2018 16:09:27 -0800
From: Andi Kleen <andi@...stfloor.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andi Kleen <andi@...stfloor.org>, tglx@...utronix.de, Greg Kroah-Hartman <gregkh@...ux-foundation.org>, dwmw@...zon.co.uk, Tim Chen <tim.c.chen@...ux.intel.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Dave Hansen <dave.hansen@...el.com>
Subject: Re: Avoid speculative indirect calls in kernel

Hi Linus,

On Wed, Jan 03, 2018 at 03:51:35PM -0800, Linus Torvalds wrote:
> On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@...stfloor.org> wrote:
> > This is a fix for Variant 2 in
> > https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
> >
> > Any speculative indirect calls in the kernel can be tricked
> > to execute any kernel code, which may allow side channel
> > attacks that can leak arbitrary kernel data.
>
> Why is this all done without any configuration options?

I was thinking of a config option, but I was struggling with a name.

CONFIG_INSECURE_KERNEL, CONFIG_LEAK_MEMORY?

And should it be positive or negative?

So I opted to be secure unconditionally.

It would be simple to add however, all hooks are either in the Makefile
or in asm/jump-asm.h

> - these workarounds should have a way to disable them.
>

There will be soon patches to add other ways and they have a way
to patch out most of the retpoline overhead at runtime
(basically replace the trampoline with a pure ret)

We just wanted to get the retpoline code out first because
it's the most basic and widest applicable fix.

-Andi