| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1515585534.22302.122.camel@infradead.org>
Date: Wed, 10 Jan 2018 11:58:54 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: Andrea Arcangeli <aarcange@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
Dave Hansen <dave.hansen@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...uxfoundation.org>, x86@...nel.org,
Borislav Petkov <bp@...en8.de>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>,
Greg KH <gregkh@...uxfoundation.org>,
Andy Lutomirski <luto@...nel.org>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>
Subject: Re: [patch RFC 5/5] x86/speculation: Add basic speculation control
code
On Wed, 2018-01-10 at 12:54 +0100, Andrea Arcangeli wrote:
> On Wed, Jan 10, 2018 at 09:27:59AM +0000, David Woodhouse wrote:
> > I don't know why you're calling that 'IBRS=2'; are you getting
> confused
> > by Andrea's distro horridness?
>
> Eh, yes he's got confused. ibrs_enabled 2 simply means to leave IBRS
> set in SPEC_CTLR 100% of the time, except in guest mode.
On all current hardware, if you only set IBRS when you exit a guest,
then you are not protecting yourself from userspace at all. IBRS acts
as a *barrier* in all current hardware.
Future CPUs will have a new feature where you *can* do something like
this, but this is not available yet.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5213 bytes)
Powered by blists - more mailing lists