lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 01 Feb 2018 16:51:35 +0000
From:   David Woodhouse <dwmw2@...radead.org>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-kernel@...r.kernel.org, Dave Hansen <dave.hansen@...el.com>,
        Ashok Raj <ashok.raj@...el.com>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg KH <gregkh@...uxfoundation.org>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Arjan Van De Ven <arjan.van.de.ven@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Jun Nakajima <jun.nakajima@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>
Subject: Re: [PATCH 0/7] objtool: retpoline validation

On Thu, 2018-02-01 at 16:40 +0100, Peter Zijlstra wrote:
> On Thu, Feb 01, 2018 at 03:32:11PM +0000, David Woodhouse wrote:
> > 
> > On Thu, 2018-02-01 at 09:28 -0600, Josh Poimboeuf wrote:
> > > 
> > > On Thu, Feb 01, 2018 at 03:34:21PM +0100, Peter Zijlstra wrote:
> > > > 
> > > > 
> > > > There are the retpoline validation patches; they work with the
> > > > __noretpoline
> > > > thing from David.
> > > Have you run this through 0-day bot yet?  A manual awk/sed found
> > > another
> > > one, which objtool confirms:
> > > 
> > >   drivers/watchdog/.tmp_hpwdt.o: warning: objtool: .text+0x24:
> > > indirect call found in RETPOLINE build
> > > 
> > > And my search wasn't exhaustive so it would be good to sic 0-day bot on
> > > it.
> > We discussed that one. It's correct; we're calling into firmware so
> > there's *no* point in retpolining that one. We need to set IBRS before
> > any runtime calls into firmware, if we want to be safe.
>
> Ideally we'd have a way to mark the module 'unsafe' or something.

No, we just need to set IBRS before doing it. The same applies to any
EFI runtime calls, APM and all kinds of other random crap that calls
into firmware. I'm not sure why those aren't showing up.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5213 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ