| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jan 2018 15:55:53 +0000
From: "Woodhouse, David" <dwmw@...zon.co.uk>
To: Andi Kleen <andi@...stfloor.org>
CC: "tglx@...utronix.de" <tglx@...utronix.de>,
"torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"gregkh@...ux-foundation.org" <gregkh@...ux-foundation.org>,
"gnomes@...rguk.ukuu.org.uk" <gnomes@...rguk.ukuu.org.uk>,
"tim.c.chen@...ux.intel.com" <tim.c.chen@...ux.intel.com>,
"dave.hansen@...el.com" <dave.hansen@...el.com>
Subject: Re: Avoid speculative indirect calls in kernel
On Thu, 2018-01-04 at 07:53 -0800, Andi Kleen wrote:
>
> I remove that because what you're testing for doesn't exist in the
> tree yet.
>
> Yes it can be added later.
>
> Right now we just want a basic static version to work reliably.
But it doesn't. You can't protect VMs from each other, or userspace
processes from each other, without IBPB. And you really ought to be
setting IBRS before calling any runtime firmware APIs too.
So we really do need to add the microcode support on top right away,
even if we refactor the series to put retpoline first.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5210 bytes)
Powered by blists - more mailing lists