lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <nycvar.YFH.7.76.1801251937380.11852@cbobk.fhfr.pm>
Date:   Thu, 25 Jan 2018 19:41:03 +0100 (CET)
From:   Jiri Kosina <jikos@...nel.org>
To:     Andy Lutomirski <luto@...nel.org>
cc:     David Woodhouse <dwmw2@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Borislav Petkov <bp@...en8.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Paul Turner <pjt@...gle.com>,
        Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Ingo Molnar <mingo@...nel.org>, Rik van Riel <riel@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Kees Cook <keescook@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/pti] x86/retpoline: Fill return stack buffer on
 vmexit

On Thu, 25 Jan 2018, Andy Lutomirski wrote:

> Distros that use retpolines need their driver vendors to recompile no 
> matter what.  

Absolutely. Tainting a kernel, issuing a warning, or even voluntarily 
deciding to not load modules loaded without retpolines, that all sounds 
like reasonable aproaches.

Artificially introducing kernel ABI breakage which is not there (as 
retpolines are fully compatible when it comes to ABI between modules and 
kernel ... the fact that it potentially brings non-retpolined indirect 
jump into the kernel is a security concent, but not ABI issue) sounds like 
a bad idea.

Those two things (ABI and security concerns) are independent.

> Distros that use IBRS and refuse to use retpolines should get put on a 
> list of "didn't actually adequately mitigate spectre".

Oh absolutely, especially on archs where there is no IBRS. But how is this 
relevant to ABI?

Thanks,

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ