lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <124f4871-1275-47af-b513-297b870708b2@suse.com>
Date: Thu, 11 Apr 2024 09:20:17 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org
Cc: linux-kernel@...r.kernel.org,
 Linus Torvalds <torvalds@...ux-foundation.org>,
 Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
 Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
 Thomas Gleixner <tglx@...utronix.de>,
 Alexandre Chartre <alexandre.chartre@...cle.com>,
 Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
 Peter Zijlstra <peterz@...radead.org>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Sean Christopherson <seanjc@...gle.com>,
 Andrew Cooper <andrew.cooper3@...rix.com>,
 Dave Hansen <dave.hansen@...ux.intel.com>, KP Singh <kpsingh@...nel.org>,
 Waiman Long <longman@...hat.com>, Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH 5/7] x86/bugs: Only harden syscalls when needed



On 11.04.24 г. 8:40 ч., Josh Poimboeuf wrote:
> Syscall hardening (i.e., converting the syscall indirect branch to a
> series of direct branches) may cause performance regressions in certain
> scenarios.  Only use the syscall hardening when indirect branches are
> considered unsafe.
> 
> Fixes: 1e3ad78334a6 ("x86/syscall: Don't force use of indirect calls for system calls")
> Signed-off-by: Josh Poimboeuf <jpoimboe@...nel.org>

Why fiddle with syscall mechanism if the bhb scrubbing sequence 
mitigates bhb? AFAIU (correct me if I'm wrong) the original idea was to 
have use syscall hardening instead of the BHB sequence but since it 
became clear that's not sufficient bhb scrubbing completely subsumes the 
direct branch approach in the syscall handler?

<snip>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ