lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 Jan 2018 22:44:48 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     LKML <linux-kernel@...r.kernel.org>
cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>,
        Peter Zijlstra <peterz@...radead.org>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Jiri Kosina <jikos@...nel.org>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Paul Turner <pjt@...gle.com>
Subject: x86: Meltdown/Spectre_v2 status

Folks!

After 10 days of frenzy following the disclosure of the mess, I'm at a
point where I think that the current set which we have in Linus tree and
the pending patches in tip:x86/pti plus one not yet applied patch (RSB on
context switch) have reached a state where the main targets are covered
even on skylake:

  1) Meltdown is addressed
  2) Retpoline mostly covered if we have working compilers some day 
  3) RSB after vmexit and on context switch (pending)

plus the infrastructure and basic building blocks are in place.

That's what is going to be in 4.15 (unless Linus goes berserk on the pull
requests) and next week should be focussed on eventual fallout, fixes and
small corrections here and there. Also to spend some time on taming the
backlog of our inboxes a bit. There is also stuff happening outside of this
which needs our attention and care.

I want to say thanks to everyone involved and I want to apologize if I went
overboard or offended someone in the course of the discussions.

Surely we all know there is room for improvements, but we also have reached
a state where the remaining issues are not longer to be treated in full
emergency and panic mode. We're good now, but not perfect.

The further RSB vs. IBRS discussion has to be settled in the way we
normally work. We need full documentation, proper working micro code and
actual comparisons of the two approaches vs. performance, coverage of
attack vectors and code complexity/ugliness.

We all are exhausted and at our limits and I think we can agree that having
the most problematic stuff covered is the right point to calm down and put
the heads back on the chickens. Take a break and have a few drinks at least
over the weekend!

To be honest the last 10 days were more horrible than the whole PTI work
due to lack of documentation, 12 different opinions when asking 8 people
(why does this have a lawyer smell?) and an amazing amount of half baken
and hastily cobbled together crap.

Please lets stop this and return to normality now.

Thanks,

	Thomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ