lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 25 Oct 2022 22:31:00 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Cc:     scott.d.constable@...el.com, daniel.sneddon@...ux.intel.com,
        Jakub Kicinski <kuba@...nel.org>, dave.hansen@...el.com,
        Johannes Berg <johannes@...solutions.net>,
        Paolo Abeni <pabeni@...hat.com>,
        antonio.gomez.iglesias@...ux.intel.com,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
        x86@...nel.org, gregkh@...uxfoundation.org, netdev@...r.kernel.org
Subject: Re: [RFC PATCH 0/2] Branch Target Injection (BTI) gadget in minstrel

On Tue, Oct 25, 2022 at 12:38:45PM -0700, Pawan Gupta wrote:

> > I think the focus should be on finding the source sites, not protecting
> > the target sites. Where can an attacker control the register content and
> > have an indirect jump/call.
> 
> That is an interesting approach. I am wondering what mitigation can
> be applied at source?

Limiting the value ranges for example. Or straight up killing the values
if they go unused -- like how we clear the registers in entry.

> LFENCE before an indirect branch can greatly
> reduce the speculation window, but will not completely eliminate it.

Depends on the part; there's a whole bunch of parts where LFENCE is
sufficient.


Powered by blists - more mailing lists