| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5937e5a2f1014e2da4a07e249745ceb1@AcuMS.aculab.com>
Date: Tue, 4 May 2021 13:06:06 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Josh Poimboeuf' <jpoimboe@...hat.com>,
Andy Lutomirski <luto@...nel.org>
CC: X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
David Kaplan <David.Kaplan@....com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
"David Woodhouse" <dwmw2@...radead.org>,
Kees Cook <keescook@...omium.org>,
"Jann Horn" <jannh@...gle.com>
Subject: RE: Do we need to do anything about "dead µops?"
From: Josh Poimboeuf
> Sent: 04 May 2021 04:16
...
> I was actually thinking more along the lines of
>
> val = 0;
>
> if (user_supplied_idx < ARRAY_SIZE) // trained to speculatively be 'true'
> val = boring_non_secret_array[user_supplied_idx];
>
> if (val & 1)
> do_something();
>
> In other words, the victim code wouldn't be accessing the secret
> intentionally. So there's no reason for it to avoid doing
> data-dependent branches.
Isn't that one of the very boring standard spectre cases?
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists