| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y1hHhMczQlqi4DxD@hirez.programming.kicks-ass.net>
Date: Tue, 25 Oct 2022 22:31:00 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Cc: scott.d.constable@...el.com, daniel.sneddon@...ux.intel.com,
Jakub Kicinski <kuba@...nel.org>, dave.hansen@...el.com,
Johannes Berg <johannes@...solutions.net>,
Paolo Abeni <pabeni@...hat.com>,
antonio.gomez.iglesias@...ux.intel.com,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
x86@...nel.org, gregkh@...uxfoundation.org, netdev@...r.kernel.org
Subject: Re: [RFC PATCH 0/2] Branch Target Injection (BTI) gadget in minstrel
On Tue, Oct 25, 2022 at 12:38:45PM -0700, Pawan Gupta wrote:
> > I think the focus should be on finding the source sites, not protecting
> > the target sites. Where can an attacker control the register content and
> > have an indirect jump/call.
>
> That is an interesting approach. I am wondering what mitigation can
> be applied at source?
Limiting the value ranges for example. Or straight up killing the values
if they go unused -- like how we clear the registers in entry.
> LFENCE before an indirect branch can greatly
> reduce the speculation window, but will not completely eliminate it.
Depends on the part; there's a whole bunch of parts where LFENCE is
sufficient.
Powered by blists - more mailing lists