[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231018200414.GHZTA6Pq8UE4rK0Yk5@fat_crate.local>
Date: Wed, 18 Oct 2023 22:04:14 +0200
From: Borislav Petkov <bp@...en8.de>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org,
linux-tip-commits@...r.kernel.org,
David Kaplan <david.kaplan@....com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>, x86@...nel.org,
David Howells <dhowells@...hat.com>
Subject: Re: [tip: x86/bugs] x86/retpoline: Ensure default return thunk isn't
used at runtime
On Wed, Oct 18, 2023 at 12:14:07PM -0700, Josh Poimboeuf wrote:
> There are a lot of warnings which could become security concerns.
Not "could become" - this one *is* a security issue because it means we're
not mitigating with the RET thunks properly.
> By definition, a warning means something is seriously wrong. If it's
> ignored, all bets are off. That's why we taint the kernel.
If I could, I'd cripple the kernel just enough so that it issues the
warning and then stops so that the users are not exposed, but show why
it stopped. And we know that panicking doesn't provide that.
David suggested earlier that perhaps we should warn and then mark the
kernel as vulnerable to those mitigations. That could be a more
realistic thing to do...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists