| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Jul 2018 04:28:50 +0000
From: "Arackal, Paulose Kuriakose (STSD)"
<paulose.kuriakose.arackal@....com>
To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Query regarding Spectre fixes - IBRS/IBPB/SSB...
Hi,
I have been tracking Spectre related fixes at Linux kernel 4.4.x LTS branch, for some of our products on this kernel version.
One thing I noted is, some kernel fixes are added at upstream kernels 4.16 and 4.17, related to IBRS/IBPB capabilities and SSB fix.
Few of the related commits listed below:
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.16.y&id=df35c3e66e6da210fed4a011722644cf1de590dd
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
Expose indirect_branch_prediction_barrier() for use in subsequent patches.
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=20ffa1caecca4db8f79fe665acdeaa5af815a24d
x86/speculation: Use IBRS if available before calling into firmware
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dd84441a797150dcc49298ec95c459a8891d8bb1
These changes are not seen backported to 4.4.* LTS. Have few related queries:
1. Is a microcode update of IBRS/IBPB/SSB fixes alone good enough for cover from the vulnerabilities.
2. Are the kernel changes as above a must to utilize IBRS/IBPB against Spectre vulnerabilities.?
3. Is there a plan to back port above fixes to 4.4.* LTS branch?.
Thanks,
Paulose.
Powered by blists - more mailing lists