lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 Jan 2018 13:40:10 +0000
From:   "Woodhouse, David" <dwmw@...zon.co.uk>
To:     Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Van De Ven, Arjan" <arjan.van.de.ven@...el.com>
CC:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Andi Kleen <ak@...ux.intel.com>, Paul Turner <pjt@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "Linus Torvalds" <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        "Dave Hansen" <dave.hansen@...el.com>,
        Kees Cook <keescook@...gle.com>,
        "Rik van Riel" <riel@...hat.com>,
        Andy Lutomirski <luto@...capital.net>,
        Jiri Kosina <jikos@...nel.org>, <gnomes@...rguk.ukuu.org.uk>
Subject: Re: [PATCH v6 01/10] x86/retpoline: Add initial retpoline support

On Tue, 2018-01-09 at 13:36 +0100, Peter Zijlstra wrote:
> On Mon, Jan 08, 2018 at 02:46:32PM +0100, Thomas Gleixner wrote:
> > On Mon, 8 Jan 2018, Josh Poimboeuf wrote:
> 
> > > I wonder if an error might be more appropriate than a warning.  I
> > > learned from experience that a lot of people don't see these Makefile
> > > warnings, and this would be a dangerous one to miss.
> > > 
> > > Also if this were an error, you could get rid of the RETPOLINE define,
> > > and that would be one less define cluttering up the already way-too-long
> > > GCC arg list.
> > 
> > It still allows to get the ASM part covered. If that's worth it I can't tell.
> 
> So elsewhere you stated we're dropping support for GCC without asm-goto
> (<4.5), does it then make sense to make one more step and mandate a
> retpoline capable compiler, which would put us at >=4.9 (for x86).
> 
> That would get rid of this weird case as well.

Yeah... I don't have strong feelings there.

Arjan (IIRC) had asked me to keep it this way.

The idea was that those were the *easy* targets for an attacker to
find; especially in entry_64.S it's asm all the way to the indirect
branch. A rootkit might be targeted at entirely unpatched systems which
leave that vulnerable, and *even* though there are other targets which
could be found with more work, doing just the asm code might well end
up protecting from such an attack in practice.

The CONFIG_RETPOLINE/!RETPOLINE case isn't really *that* much
complexity; I don't really care about that either.

On the whole, I'm inclined to leave it as it is without further
bikeshedding for now. We can change it later once all those GCC
releases have been made with the backports, perhaps.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5210 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ