lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181119234528.GJ29258@redhat.com>
Date:   Mon, 19 Nov 2018 18:45:28 -0500
From:   Andrea Arcangeli <aarcange@...hat.com>
To:     Dave Hansen <dave.hansen@...el.com>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Casey Schaufler <casey.schaufler@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Jon Masters <jcm@...hat.com>,
        Waiman Long <longman9394@...il.com>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        Willy Tarreau <w@....eu>
Subject: Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app
 protection modes

On Mon, Nov 19, 2018 at 03:25:41PM -0800, Dave Hansen wrote:
> On 11/19/18 3:16 PM, Andrea Arcangeli wrote:
> > So you may want to ask why it wasn't written as your "any" vs "any" email:
> 
> Presumably because the authors really and truly meant what they said.  I
> was not being as careful in my wording as they were.  :)
> 
> There is nothing in the spec that says that STIBP disables branch
> prediction itself, or that it keeps a thread from influencing *itself*.

Just in case, another thing come to mind, what about mistraining the
BTB with STIBP set inside the SECCOMP jail and then going to sleep or
being migrated by the scheduler to another core which clears STIBP on
the core? Can the mistraining happened inside the SECCOMP jail with
STIBP set influence the code outside SECCOMP after STIBP is cleared?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ