| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Feb 2023 07:38:49 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Borislav Petkov <bp@...en8.de>, KP Singh <kpsingh@...nel.org>,
Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Josh Poimboeuf <jpoimboe@...nel.org>, linux-kernel@...r.kernel.org,
pjt@...gle.com, evn@...gle.com, tglx@...utronix.de,
mingo@...hat.com, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com, peterz@...radead.org,
pawan.kumar.gupta@...ux.intel.com, kim.phillips@....com,
alexandre.chartre@...cle.com, daniel.sneddon@...ux.intel.com,
José Oliveira <joseloliveira11@...il.com>,
Rodrigo Branco <rodrigo@...nelhacking.com>,
Alexandra Sandulescu <aesa@...gle.com>,
Jim Mattson <jmattson@...gle.com>
Subject: Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2
protection with KERNEL_IBRS
On 2/20/23 06:31, Borislav Petkov wrote:
> This above probably wants to say that you need to write 1 on CPL change
> because it has a flushing behavior of killing user prediction entries.
Right. The naive way of looking at IBRS is that setting IBRS=1
mitigates spectre-v2. But, as the documentation says, just _leaving_ it
set to 1 is not good enough. It must be actively rewritten in order to
get the strongest semantics.
It's still rather early in the morning, but I'm also quite confused
about what exactly the problem is here. The patch and the changelog
aren't especially clear. I'll need to stare at it with a cup of coffee
before I can give any coherent better suggestions, though.
Powered by blists - more mailing lists