Message-ID: <20180105120100.73f0b4b7@alans-desktop>
Date:   Fri, 5 Jan 2018 12:01:00 +0000
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@...el.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/7] x86/enter: Use IBRS on syscall and interrupts

On Thu, 4 Jan 2018 21:11:23 -0800
Dave Hansen <dave.hansen@...el.com> wrote:

> On 01/04/2018 08:51 PM, Andy Lutomirski wrote:
> > Do we need an arch_prctl() to enable IBRS for user mode?  
> 
> Eventually, once the dust settles.  I think there's a spectrum of
> paranoia here, that is roughly (with increasing paranoia):
> 
> 1. do nothing
> 2. do retpoline
> 3. do IBRS in kernel
> 4. do IBRS always
> 
> I think you're asking for ~3.5.

And we'll actually end up with cgroups needing to handle this and a prctl
because the answer is simply not a systemwide single constant. To start
with, if my code has CAP_SYS_RAWIO, who gives a **** about IBRS protecting
it?

Likewise on many real world systems I trust my base OS (or I might as
well turn off the power), I sort of trust my apps, and I deeply distrust
my web browser, which itself probably wants to turn some of the
protections on for crap like JavaScript and WebAssembly.

If I'm running containers, well, my desktop is probably #2 and my container
#3 or #4.

There's no point getting hung up about a single magic default number,
because that's not how it's going to end up.

Alan
