lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=whJjhoq2wGOx9e0zK7-EouqdaRREvmJJLN+HX-Zht3miQ@mail.gmail.com>
Date:   Wed, 4 Oct 2023 17:46:22 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Sumit Garg <sumit.garg@...aro.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        James Bottomley <jejb@...ux.ibm.com>,
        Hyeonggon Yoo <42.hyeyoo@...il.com>,
        Peter Zijlstra <peterz@...radead.org>,
        David Kaplan <David.Kaplan@....com>,
        Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...nel.org>,
        x86@...nel.org
Subject: Re: Linux 6.6-rc3 (DEBUG_VIRTUAL is unhappy on x86)

On Tue, 3 Oct 2023 at 05:06, Sumit Garg <sumit.garg@...aro.org> wrote:
>
> However, on the flip side I think there are security benefits here. We
> wouldn't like any indirect branch speculation attack to leak the trusted
> key material contents here.

No. Turning *one* indirect call static isn't a security benefit. That
argument is just bogus.

This code needs to be fixed. No static call rewriting for call-sites
that are just used once.

               Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ