lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Oct 2022 22:31:00 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com> Cc: scott.d.constable@...el.com, daniel.sneddon@...ux.intel.com, Jakub Kicinski <kuba@...nel.org>, dave.hansen@...el.com, Johannes Berg <johannes@...solutions.net>, Paolo Abeni <pabeni@...hat.com>, antonio.gomez.iglesias@...ux.intel.com, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, x86@...nel.org, gregkh@...uxfoundation.org, netdev@...r.kernel.org Subject: Re: [RFC PATCH 0/2] Branch Target Injection (BTI) gadget in minstrel On Tue, Oct 25, 2022 at 12:38:45PM -0700, Pawan Gupta wrote: > > I think the focus should be on finding the source sites, not protecting > > the target sites. Where can an attacker control the register content and > > have an indirect jump/call. > > That is an interesting approach. I am wondering what mitigation can > be applied at source? Limiting the value ranges for example. Or straight up killing the values if they go unused -- like how we clear the registers in entry. > LFENCE before an indirect branch can greatly > reduce the speculation window, but will not completely eliminate it. Depends on the part; there's a whole bunch of parts where LFENCE is sufficient.
Powered by blists - more mailing lists