[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y2ls0vS+ZsW4iL3N@sol.localdomain>
Date: Mon, 7 Nov 2022 12:38:42 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Marc Zyngier <maz@...nel.org>,
"Jason A . Donenfeld" <Jason@...c4.com>,
Kees Cook <keescook@...omium.org>,
Suzuki K Poulose <suzuki.poulose@....com>,
Adam Langley <agl@...gle.com>
Subject: Re: [PATCH v2] arm64: Enable data independent timing (DIT) in the
kernel
On Mon, Nov 07, 2022 at 06:24:00PM +0100, Ard Biesheuvel wrote:
[...]
>
> Currently, we have no idea whether or not running privileged code with
> DIT disabled on a CPU that implements support for it may result in a
> side channel that exposes privileged data to unprivileged user space
> processes, so let's be cautious and just enable DIT while running in the
> kernel if supported by all CPUs.
[...]
>
> - tweak the commit log so that it doesn't read as if we are fixing an
> actual vulnerability
I think the above undersells this a bit, as crypto code often relies on
instructions being constant-time to prevent leakage of secrets outside the
system itself. For example, consider WireGuard, which includes network
attackers in its threat model. So it's not just about attacks from userspace
processes on the same system.
The patch itself looks good to me though -- thanks!
- Eric
Powered by blists - more mailing lists