Message-ID: <1516039672.4937.13.camel@infradead.org>
Date: Mon, 15 Jan 2018 19:07:52 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Andy Lutomirski <luto@...capital.net>,
Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Jon Masters <jcm@...masters.org>,
Henrique de Moraes Holschuh <hmh@....eng.br>,
Andi Kleen <andi@...stfloor.org>, tglx@...utronix.de,
x86@...nel.org, linux-kernel@...r.kernel.org, pjt@...gle.com,
torvalds@...ux-foundation.org, gregkh@...ux-foundation.org,
peterz@...radead.org, thomas.lendacky@....com,
arjan.van.de.ven@...el.com
Subject: Re: Improve retpoline for Skylake
On Mon, 2018-01-15 at 10:06 -0800, Andy Lutomirski wrote:
>
> > Refill or not, you are aware that a correctly timed SMI in a leaf
> > function will cause the next ret to speculate into userspace, because
> > there is guaranteed perturbance in the RSB? (On the expectation that the
> > SMM handler isn't entirely devoid of function calls).
>
> Couldn't firmware fill the RSB with some known safe address, maybe
> even 0, and then immediately do RSM?
Why don't we just unconditionally declare that *all* firmware that uses
SMI for anything at all is broken?
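As an added illustration (not code from this thread, the kernel or any firmware), the following C model treats the RSB as a small circular stack of return addresses, runs an SMM handler with nested function calls across it without saving or restoring it, and then asks what the interrupted leaf function's next `ret` would predict, with and without the refill Andy suggests. The entry count (16), the sample addresses, the rule that an empty RSB falls back to the BTB, and ring wrap-around as the concrete mechanism of perturbation are all assumptions of this model, not facts stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model parameter: number of RSB entries (an assumption, not from the thread). */
#define RSB_ENTRIES 16

/* Constructed sample addresses, labelled by role. */
#define KERNEL_CALLER 0xffffffff81001000ULL /* where the leaf function really returns to */
#define SMM_HANDLER   0x00000000000a8000ULL /* return addresses inside the SMM handler   */
#define SAFE_STUB     0xffffffff81000000ULL /* known-safe target firmware could fill with */
#define BTB_GUESS     0x0000000000401000ULL /* whatever the BTB holds, possibly user-trained */

struct rsb {
    uint64_t ring[RSB_ENTRIES];
    int top;   /* index of the most recent entry */
    int count; /* valid entries, saturating at RSB_ENTRIES */
};

static void rsb_init(struct rsb *r)
{
    memset(r, 0, sizeof *r);
    r->top = RSB_ENTRIES - 1;
}

/* CALL pushes a return address; when the ring is full the oldest entry is overwritten. */
static void rsb_call(struct rsb *r, uint64_t ret_addr)
{
    r->top = (r->top + 1) % RSB_ENTRIES;
    r->ring[r->top] = ret_addr;
    if (r->count < RSB_ENTRIES)
        r->count++;
}

/* RET pops and returns the predicted target; on underflow the model falls back to the BTB. */
static uint64_t rsb_ret(struct rsb *r, uint64_t btb_target)
{
    if (r->count == 0)
        return btb_target;
    uint64_t target = r->ring[r->top];
    r->top = (r->top + RSB_ENTRIES - 1) % RSB_ENTRIES;
    r->count--;
    return target;
}

/* SMM handler doing `depth` nested calls, balanced by `depth` returns.
 * SMI/RSM does not save or restore the RSB, so whatever it does persists. */
static void smm_handler(struct rsb *r, int depth)
{
    for (int i = 0; i < depth; i++)
        rsb_call(r, SMM_HANDLER + 16 * (uint64_t)i);
    for (int i = 0; i < depth; i++)
        (void)rsb_ret(r, BTB_GUESS);
}

/* The proposed mitigation: fill every entry with a safe address before RSM.
 * Real firmware would then unwind the architectural stack; the RSB keeps its entries. */
static void firmware_refill_rsb(struct rsb *r)
{
    for (int i = 0; i < RSB_ENTRIES; i++)
        rsb_call(r, SAFE_STUB);
}

/* Scenario: the kernel is one call deep, inside a leaf function, when the SMI lands.
 * Returns the target the predictor offers for the leaf function's `ret`. */
uint64_t leaf_ret_prediction_after_smi(int smm_depth, int refill)
{
    struct rsb r;
    rsb_init(&r);
    rsb_call(&r, KERNEL_CALLER);   /* caller -> leaf */
    smm_handler(&r, smm_depth);    /* SMI arrives and the handler runs */
    if (refill)
        firmware_refill_rsb(&r);   /* firmware stuffs the RSB before RSM */
    return rsb_ret(&r, BTB_GUESS); /* leaf's ret: where does speculation go? */
}

int main(void)
{
    int depths[] = { 4, RSB_ENTRIES };
    for (int d = 0; d < 2; d++)
        for (int refill = 0; refill <= 1; refill++)
            printf("smm depth %2d, refill %d -> predicted 0x%016llx\n", depths[d], refill,
                   (unsigned long long)leaf_ret_prediction_after_smi(depths[d], refill));
    return 0;
}
```

In this model a shallow handler leaves the kernel's entry intact, while a handler whose call depth reaches the ring size leaves the RSB empty, so the leaf's `ret` falls through to the BTB: the "speculate into userspace" case. After the refill the `ret` predicts the safe stub in both cases; that is still a misprediction, which costs cycles, but the target is one the firmware chose rather than one the BTB chose.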