Message-ID: <4bf35de5-ae61-93b8-f202-52d734997cc5@arm.com>
Date:   Fri, 26 Jan 2018 15:46:59 +0000
From:   Suzuki K Poulose <Suzuki.Poulose@....com>
To:     Dave Martin <Dave.Martin@....com>
Cc:     linux-arm-kernel@...ts.infradead.org, mark.rutland@....com,
        ckadabi@...eaurora.org, ard.biesheuvel@...aro.org,
        marc.zyngier@....com, catalin.marinas@....com, will.deacon@....com,
        linux-kernel@...r.kernel.org, jnair@...iumnetworks.com
Subject: Re: [PATCH 10/16] arm64: Make KPTI strict CPU local feature

On 26/01/18 12:25, Dave Martin wrote:
> On Tue, Jan 23, 2018 at 12:28:03PM +0000, Suzuki K Poulose wrote:
>> KPTI capability is a security feature which should be enabled
>> when at least one CPU on the system needs it. Any late CPU
>> which needs the kernel support, should be prevented from
>> booting (and thus making the system unsecure) if the feature
>> was not already enabled.
> 
> Is there an actual change to behaviour here?

Yes, we now prevent any new CPU from booting if it *matches* the capability,
which we didn't do earlier.

> 
> It's not very obvious from the commit message, or the patch when read in
> isolation.
> 

I will fix the commit message to indicate the current behavior. How about:

"KPTI is treated as a system wide feature, where we enable the feature
when all the CPUs on the system suffer from the security vulnerability,
unless it is enabled via kernel command line. Also, we ignore a late CPU
which might need the defense if the KPTI is not enabled, making the system
insecure. This is not sufficient, as we should enable the defense when at
least one CPU needs it. Also, if it is not enabled at boot-time, we can no
longer enable it when a late CPU turns up. This patch makes sure that the
KPTI is checked on all CPUs and uses it when at least one needs it. Also
reject any CPU that needs it, which turns up late if the KPTI is not
already enabled."


Cheers
Suzuki
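
The two policies contrasted in the proposed commit message, as an added example that is not part of the original message or of the kernel patch. It is a stand-alone model, not kernel code: `simulate`, `struct outcome` and the `POLICY_*` names are hypothetical, the CPU flags are constructed input, and the kernel command line override is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum policy { POLICY_OLD, POLICY_NEW };

struct outcome {
    bool kpti_on;        /* decided once, from the boot-time CPUs */
    bool late_admitted;  /* was the late CPU allowed to boot? */
    bool exposed;        /* a running CPU needs KPTI but KPTI is off */
};

/* needs[i] is true when boot-time CPU i needs KPTI (constructed input). */
static struct outcome simulate(enum policy p, const bool *needs, size_t n,
                               bool late_needs)
{
    bool any = false, all = n > 0;
    for (size_t i = 0; i < n; i++) {
        any = any || needs[i];
        all = all && needs[i];
    }

    struct outcome o;
    /* Old: on only if every CPU is affected. New: on if any CPU is. */
    o.kpti_on = (p == POLICY_OLD) ? all : any;
    /* Old: late CPUs are never checked. New: reject one that needs KPTI
     * when it was not enabled at boot, since it cannot be enabled later. */
    o.late_admitted = (p == POLICY_OLD) || !late_needs || o.kpti_on;
    o.exposed = !o.kpti_on && (any || (o.late_admitted && late_needs));
    return o;
}

int main(void)
{
    const bool mixed[] = { true, false };   /* one affected, one not */
    const bool clean[] = { false, false };  /* none affected at boot */
    struct outcome a = simulate(POLICY_OLD, mixed, 2, false);
    struct outcome b = simulate(POLICY_NEW, mixed, 2, false);
    struct outcome c = simulate(POLICY_OLD, clean, 2, true);
    struct outcome d = simulate(POLICY_NEW, clean, 2, true);
    printf("mixed boot CPUs: old exposed=%d new exposed=%d\n",
           a.exposed, b.exposed);
    printf("late affected CPU: old admitted=%d new admitted=%d\n",
           c.late_admitted, d.late_admitted);
    return 0;
}
```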
