Open Source and information security mailing list archives
Message-ID: <CALCETrWHJZXqDC-PUStHAJrNVMO_QEC0PG0PKAEHD+8TB-eqqQ@mail.gmail.com>
Date:   Thu, 25 Jan 2018 09:05:37 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     David Woodhouse <dwmw2@...radead.org>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Borislav Petkov <bp@...en8.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Paul Turner <pjt@...gle.com>, Jiri Kosina <jikos@...nel.org>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Ingo Molnar <mingo@...nel.org>, Rik van Riel <riel@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Kees Cook <keescook@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on vmexit

On Thu, Jan 25, 2018 at 9:00 AM, David Woodhouse <dwmw2@...radead.org> wrote:
> On Thu, 2018-01-25 at 10:56 -0600, Josh Poimboeuf wrote:
>> On Thu, Jan 25, 2018 at 04:03:18PM +0000, David Woodhouse wrote:
>> > On Thu, 2018-01-25 at 16:51 +0100, Borislav Petkov wrote:
>> > >
>> > > > And the seg fault is objtool's way of telling you you need an
>> > > > ANNOTATE_NOSPEC_ALTERNATIVE above the alternative ;-)
>> > >
>> > > Except that it blew up when I did this which doesn't have ALTERNATIVE
>> > > (it's the diff I saved :-))
>> >
>> > Yeah, ANNOTATE_NOSPEC_ALTERNATIVE just tells objtool "don't look at the
>> > alternative; you're not going to like it".
>> >
>> > If you start putting a __fill_rsb() function out of line somewhere and
>> > only *calling* it from alternatives, then objtool is going to shit
>> > itself when it sees that function, regardless.
>>
>> Right, if you *really* want it always inline, the short term solution is
>> to just patch it in with X86_FEATURE_ALWAYS.
>
> And the whole problem here is that patching it in with alternatives is
> painful on kernels < 4.1 because back then, we didn't cope with
> oldinstr and altinstr being different lengths.
>
> And they don't want to fix *that* because kABI...
>
> I just stopped caring.

Screw kABI.

Distros that use retpolines need their driver vendors to recompile no
matter what.  Distros that use IBRS and refuse to use retpolines
should get put on a list of "didn't actually adequately mitigate
Spectre".
