Message-ID: <24e0d604750babd3461768897bb2ae82@codeaurora.org>
Date:   Wed, 10 Mar 2021 20:47:01 +0530
From:   Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
To:     Andi Kleen <ak@...ux.intel.com>
Cc:     acme@...nel.org, al.grant@....com,
        alexander.shishkin@...ux.intel.com, coresight@...ts.linaro.org,
        denik@...omium.org, dianders@...omium.org, jolsa@...hat.com,
        leo.yan@...aro.org, linux-arm-kernel@...ts.infradead.org,
        linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        mark.rutland@....com, mathieu.poirier@...aro.org,
        mike.leach@...aro.org, mingo@...hat.com, mnissler@...omium.org,
        namhyung@...nel.org, peterz@...radead.org, suzuki.poulose@....com,
        swboyd@...omium.org
Subject: Re: [PATCHv2 0/4] perf/core: Add support to exclude kernel mode PMU
 tracing

Hi Andi,

On 2021-03-09 20:14, Andi Kleen wrote:
>> The disk encryption is just one example and there might be others which
>> we might not be aware of yet and we are not suspecting there is something
>> wrong with the crypto code that needs to be fixed.
> 
> Then you don't have any leaks relating to branch tracing.
> 
>> restrict an external (in the sense that it's not related to crypto or any
>> other security related component) entity such as hardware assisted tracing
>> like ARM coresight and so on. I don't see why or how the crypto code needs
>> to be fixed for something that is not related to it although it is affected.
> 
> It's just a general property that if some code that is handling secrets
> is data dependent it already leaks.
> 
> 
>> The analogy would be like of the victims and a perpetrator. Let's take coresight
>> as an example for perpetrator and crypto as the victim here. Now we can try
> 
> There's no victim with branch tracing, unless it is already leaky.
> 
>> If we just know one victim (let's say crypto code here), what happens to the
>> others which we haven't identified yet? Do we just wait for someone to write
>> an exploit based on this and then scramble to fix it?
> 
> For a useful security mitigation you need a threat model first I would say.
> 
> So you need to have at least some idea how an attack with branch
> tracing would work.
> 
> 
>> Initial change was to restrict this only to HW assisted instruction tracing [1]
> 
> I don't think it's needed for instruction tracing.
> 

From what I know, newer ARM A-profile cores don't allow data tracing. And you
are saying that just the instruction tracing cannot be used to infer any
important data.

There are a few security folks in CC who probably can give us more details on how
branch tracing can be used for an exploit. @mnissler?

Thanks,
Sai

-- 
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
of Code Aurora Forum, hosted by The Linux Foundation
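
Added example (not part of the original message or the patch series): a small C model of the point argued in the quoted replies above, that code whose branches depend on secret data is distinguishable in a branch trace while constant-time code is not. The `struct trace` recorder, `br()` and all function names are hypothetical, and the byte strings are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical model of a branch trace: one entry per conditional
 * branch executed, 1 = taken, 0 = not taken. */
#define TRACE_MAX 64
struct trace { uint8_t ev[TRACE_MAX]; size_t n; };
typedef int (*eq_fn)(struct trace *, const uint8_t *, const uint8_t *, size_t);

static int br(struct trace *t, int cond)
{
    if (t->n < TRACE_MAX) t->ev[t->n++] = (uint8_t)(cond != 0);
    return cond;
}

/* Data dependent: the early-exit branch is decided by secret bytes. */
int leaky_equal(struct trace *t, const uint8_t *secret, const uint8_t *in, size_t len)
{
    for (size_t i = 0; br(t, i < len); i++)
        if (br(t, secret[i] != in[i]))
            return 0;
    return 1;
}

/* Constant time: the only recorded branch depends on the public length. */
int ct_equal(struct trace *t, const uint8_t *secret, const uint8_t *in, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; br(t, i < len); i++)
        diff |= (uint8_t)(secret[i] ^ in[i]);
    return diff == 0;
}

/* Returns 1 if the recorded traces for two different secrets differ. */
int distinguishes(eq_fn eq, const uint8_t *s1, const uint8_t *s2, const uint8_t *in, size_t len)
{
    struct trace a = {{0}, 0}, b = {{0}, 0};
    eq(&a, s1, in, len);
    eq(&b, s2, in, len);
    return a.n != b.n || memcmp(a.ev, b.ev, a.n) != 0;
}

int main(void)
{
    const uint8_t s1[] = "AAAA", s2[] = "ABAA", in[] = "ABCD"; /* constructed */
    printf("leaky trace differs: %d\n", distinguishes(leaky_equal, s1, s2, in, 4));
    printf("ct trace differs:    %d\n", distinguishes(ct_equal, s1, s2, in, 4));
    return 0;
}
```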
