lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1515633178.22302.290.camel@infradead.org>
Date:   Thu, 11 Jan 2018 01:12:58 +0000
From:   David Woodhouse <dwmw2@...radead.org>
To:     Tom Lendacky <thomas.lendacky@....com>,
        Andi Kleen <ak@...ux.intel.com>
Cc:     Paul Turner <pjt@...gle.com>, LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>, tglx@...utronix.de,
        Kees Cook <keescook@...gle.com>,
        Rik van Riel <riel@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...capital.net>,
        Jiri Kosina <jikos@...nel.org>, gnomes@...rguk.ukuu.org.uk,
        x86@...nel.org, bp@...en8.de, rga@...zon.de
Subject: Re: [PATCH] x86/retpoline: Fill return stack buffer on vmexit

On Thu, 2018-01-11 at 01:04 +0000, David Woodhouse wrote:
> On Wed, 2018-01-10 at 18:14 -0600, Tom Lendacky wrote:
> > On 1/10/2018 5:47 PM, David Woodhouse wrote:
> > > Now smoke tested with Intel VT-x, but not yet on AMD. Tom, would you be
> > > able to do that?
> > Yes, I'll try to get to it as soon as I can, but it might be tomorrow
> > (morning).
> Thanks. I've pushed an updated version to
> http://git.infradead.org/users/dwmw2/linux-retpoline.git/

Oh, and the RSB-stuffing on kernel entry from userspace turns out now
to be an AMD-only thing, because it's for !SMEP && !PTI.

So we'll want to make up an appropriate feature bit and then do
'FILL_RETURN_BUFFER %a_reg X86_FEATURE_STUFF_RSB_K2U' in the
appropriate places in entry*.S. I think some of Tim's patch set already
highlighted the places it was needed?

With that, I think we have the final details for retpoline worked out
for everything except Skylake. And seriously, screw Skylake at least
for now. It can use IBRS, or take its chances with the additional
problems it might have.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5213 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ