| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bb85a9bb-4c00-f8f7-13f6-3f1bed997e9c@intel.com>
Date: Fri, 26 Jan 2018 07:27:38 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Yves-Alexis Perez <corsac@...ian.org>,
David Woodhouse <dwmw@...zon.co.uk>, arjan@...ux.intel.com,
tglx@...utronix.de, karahmed@...zon.de, x86@...nel.org,
linux-kernel@...r.kernel.org, tim.c.chen@...ux.intel.com,
bp@...en8.de, peterz@...radead.org, pbonzini@...hat.com,
ak@...ux.intel.com, torvalds@...ux-foundation.org,
gregkh@...ux-foundation.org, gnomes@...rguk.ukuu.org.uk
Subject: Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are
not vulnerable to Meltdown
On 01/26/2018 04:14 AM, Yves-Alexis Perez wrote:
> I know we'll still be able to manually enable PTI with a command line option,
> but it's also a hardening feature which has the nice side effect of emulating
> SMEP on CPU which don't support it (e.g the Atom boxes above).
For Meltdown-vulnerable systems, it's a no brainer: pti=on. The
vulnerability there is just too much.
But, if we are going to change the default, IMNHO, we need a clear list
of what SMEP emulation mitigates and where. RSB-related Variant 2 stuff
on Atom where the kernel speculatively 'ret's back to userspace is
certainly a concern. But, there's a lot of other RSB stuffing that's
going on that will mitigate that too.
Were you thinking of anything concrete?
I haven't found anything compelling enough to justify the downsides,
especially since things without SMEP tend not to have PCIDs as well.
Powered by blists - more mailing lists