lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210126105932.GG1551@shell.armlinux.org.uk>
Date:   Tue, 26 Jan 2021 10:59:32 +0000
From:   Russell King - ARM Linux admin <linux@...linux.org.uk>
To:     Lecopzer Chen <lecopzer.chen@...iatek.com>
Cc:     akpm@...ux-foundation.org, bigeasy@...utronix.de,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        marc.zyngier@....com, peterx@...hat.com, rppt@...nel.org,
        walken@...gle.com, yj.chiang@...iatek.com
Subject: Re: [PATCH] ARM: mm: harden branch predictor before opening
 interrupts during fault

On Tue, Jan 26, 2021 at 05:17:08PM +0800, Lecopzer Chen wrote:
> Hi all,
> 
> I don't see any fix for this issue now(maybe I missed it..?),
> could we fix this if there is better solution?
> This issue exists almost two years.

I don't think anyone provided an acceptable patch.

The first patch moved the hardening out of the translation/section
fault handling. Since the kernel is mapped with sections, these
are above TASK_SIZE, and the whole point of the branch prediction
hardening is to prevent the prediction in the kernel being exploited,
missing the hardening effectively makes the mitigation useless.

The discussion in February 2019 never concluded from what I can see.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ