Open Source and information security mailing list archives
 
Message-ID: <CALMp9eS5pBrKWe=LbWXON6bhTdhbX9rB2aF+c-h_a0=SXfyj7A@mail.gmail.com>
Date:   Thu, 14 Jul 2022 17:29:58 -0700
From:   Jim Mattson <jmattson@...gle.com>
To:     LKML <linux-kernel@...r.kernel.org>
Subject: Retbleed (RSBA vs BTC)

What is the value in conflating the Intel and AMD findings under the
same moniker (arch/x86/kernel/cpu/common.c)? The vulnerabilities seem
quite different to me.

The Intel CPUs tagged with RETBLEED should already report RSBA. The
paper just highlights this previously disclosed vulnerability. Or are
there Intel CPUs subject to Retbleed that don't report RSBA, and I'm
just confused?

On the AMD side, however, Branch Type Confusion is a much bigger deal.
All instructions are subject to steering by BTI, not just returns with
an empty RSB.

Don't these two vulnerabilities deserve separate names (and don't we
already have a name for the first one)?

Tangentially, I believe that the following line is wrong:
VULNBL_INTEL_STEPPINGS(SKYLAKE_X, X86_STEPPING_ANY, MMIO | RETBLEED),

Steppings 5, 6, and 7 are "Cascade Lake," with eIBRS, and I don't
think Cascade Lake suffers from RSBA.
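
Added example (not part of the original message, and not kernel code): a simplified user-space model of stepping-mask table matching, showing that the quoted any-stepping entry tags steppings 5 to 7 with RETBLEED, beside a hypothetical narrowed table that encodes the message's claim. The struct, `lookup()`, the flag bit values and the narrowed table are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BIT(n)            (1u << (n))
#define STEPPINGS(lo, hi) ((BIT((hi) + 1) - 1) & ~(BIT(lo) - 1))
#define STEPPING_ANY      0u      /* empty mask acts as a wildcard in this model */

/* Issue flags; bit positions are chosen for this example. */
#define MMIO      BIT(1)
#define RETBLEED  BIT(3)

#define SKYLAKE_X 0x55            /* family 6 model number shared by these parts */

struct vuln_entry { uint8_t model; uint16_t steppings; unsigned issues; };

/* The entry quoted in the message: every stepping gets MMIO | RETBLEED. */
static const struct vuln_entry blanket[] = {
    { SKYLAKE_X, STEPPING_ANY, MMIO | RETBLEED },
    { 0, 0, 0 }
};

/* Hypothetical narrowing: steppings 5-7 keep MMIO only. First match wins,
 * so the specific entry must come before the wildcard one. */
static const struct vuln_entry narrowed[] = {
    { SKYLAKE_X, STEPPINGS(5, 7), MMIO },
    { SKYLAKE_X, STEPPING_ANY,    MMIO | RETBLEED },
    { 0, 0, 0 }
};

/* Return the issue flags of the first entry matching model and stepping. */
static unsigned lookup(const struct vuln_entry *t, uint8_t model, unsigned stepping)
{
    for (; t->model; t++) {
        if (t->model != model)
            continue;
        if (t->steppings != STEPPING_ANY && !(t->steppings & BIT(stepping)))
            continue;
        return t->issues;
    }
    return 0;                     /* not listed */
}

int main(void)
{
    for (unsigned s = 4; s <= 7; s++)
        printf("stepping %u: blanket RETBLEED=%d, narrowed RETBLEED=%d\n", s,
               !!(lookup(blanket, SKYLAKE_X, s) & RETBLEED),
               !!(lookup(narrowed, SKYLAKE_X, s) & RETBLEED));
    return 0;
}
```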
