[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231018191407.n4ys6vefbio7z3sn@treble>
Date: Wed, 18 Oct 2023 12:14:07 -0700
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Borislav Petkov <bp@...en8.de>
Cc: Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org,
linux-tip-commits@...r.kernel.org,
David Kaplan <david.kaplan@....com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>, x86@...nel.org,
David Howells <dhowells@...hat.com>
Subject: Re: [tip: x86/bugs] x86/retpoline: Ensure default return thunk isn't
used at runtime
On Wed, Oct 18, 2023 at 08:44:31PM +0200, Borislav Petkov wrote:
> On Wed, Oct 18, 2023 at 11:39:15AM -0700, Josh Poimboeuf wrote:
> > And see my reply to that? Not trying to be daft, I just didn't see how
> > your reply was responsive.
> >
> > A single WARN_ONCE() has the benefit of not overflowing dmesg, while
> > also making the warning available to those looking at dmesg (or the
> > taint flag), as those who care should be.
>
> A single WARN once is not enough as this is security-sensitive. Warns do
> get ignored.
>
> > A rate-limited WARN() is problematic, as it overflows dmesg (and
> > possibly wrapping other logs), potentially obscuring other important
> > data.
>
> This will hopefully make people look by screaming louder. But no
> guarantee. Not saying it is the right thing.
>
> UDing without any output is not the right thing either.
>
> All I'm saying is, there's no good solution for how to catch this and
> make people report it.
>
> Make more sense?
There are a lot of warnings which could become security concerns.
By definition, a warning means something is seriously wrong. If it's
ignored, all bets are off. That's why we taint the kernel.
--
Josh
Powered by blists - more mailing lists