lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1811221145210.1531@nanos.tec.linutronix.de>
Date:   Thu, 22 Nov 2018 11:48:14 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Borislav Petkov <bp@...en8.de>
cc:     Peter Zijlstra <peterz@...radead.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        Andy Lutomirski <luto@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jiri Kosina <jkosina@...e.cz>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Casey Schaufler <casey.schaufler@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Jon Masters <jcm@...hat.com>,
        Waiman Long <longman9394@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Dave Stewart <david.c.stewart@...el.com>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [patch 15/24] x86/speculation: Add command line control for
 indirect branch speculation

On Thu, 22 Nov 2018, Borislav Petkov wrote:
> On Thu, Nov 22, 2018 at 10:18:58AM +0100, Peter Zijlstra wrote:
> > Right; that retpoline + IBPB case is one that came up earlier when we
> > talked about this stuff. The IBPB also helps against app2app BTB ASLR
> > attacks. So even if you have userspace retpoline, you might still want
> > IBPB.
> > 
> > But yes, this should be relatively straight forward to allow/fix with
> > the proposed code.
> 
> So I got some feedback from AMD that IBPB on context switch has a
> small perf impact and they wouldn't mind it being enabled by default
> considering that it provides protection against a lot of attack
> scenarios. Basically, what the recommendation says.
> 
> But if we go and do opt-in, then they're fine with it being off by
> default if we decide to do it so in the kernel.

So one way to do this would be to have additional options:

   prctl,ibpb and seccomp,ibpb

which then would keep the STIBP stuff as proposed and switch ibpb to always
mode. Adding the back to back optimization for the always ibpb mode is not
rocket science.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ