| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPcyv4jTbH6As_SC2Po8j5mB6jKLcwMr3Yn=19aTN2yMgBR=iw@mail.gmail.com>
Date: Tue, 30 Jan 2018 12:13:18 -0800
From: Dan Williams <dan.j.williams@...el.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...nel.org>,
linux-arch <linux-arch@...r.kernel.org>,
Cyril Novikov <cnovikov@...x.com>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Peter Zijlstra <peterz@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
X86 ML <x86@...nel.org>, Will Deacon <will.deacon@....com>,
Russell King <linux@...linux.org.uk>,
Ingo Molnar <mingo@...hat.com>,
Greg KH <gregkh@...uxfoundation.org>,
"H. Peter Anvin" <hpa@...or.com>, Alan Cox <alan@...ux.intel.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>
Subject: Re: [PATCH v5 02/12] array_idx: sanitize speculative array de-references
[ adding Arjan ]
On Tue, Jan 30, 2018 at 11:38 AM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
[..]
> Anyway, I do think the patches I've seen so far are ok, and the real
> reason I'm writing this email is actually more about future patches:
> do we have a good handle on where these array index sanitations will
> be needed?
>
> Also, while array limit checking was obviously the official
> "spectre-v1" issue, I do wonder if there are possible other issues
> where mispredicted conditional branches can end up leaking
> information?
>
> IOW, is there some work on tooling/analysis/similar? Not asking for
> near-term, but more of a "big picture" question..
>
> Linus
Powered by blists - more mailing lists