[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7f7df1f6-345f-4062-aa00-40c260b14040@suse.com>
Date: Mon, 15 Apr 2024 18:27:09 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe@...nel.org>, x86@...nel.org,
linux-kernel@...r.kernel.org, Daniel Sneddon
<daniel.sneddon@...ux.intel.com>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Alexandre Chartre <alexandre.chartre@...cle.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Peter Zijlstra <peterz@...radead.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Sean Christopherson <seanjc@...gle.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Dave Hansen <dave.hansen@...ux.intel.com>, KP Singh <kpsingh@...nel.org>,
Waiman Long <longman@...hat.com>, Borislav Petkov <bp@...en8.de>,
Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed
On 15.04.24 г. 18:16 ч., Linus Torvalds wrote:
> On Mon, 15 Apr 2024 at 00:37, Nikolay Borisov <nik.borisov@...e.com> wrote:
>>
>> To ask again, what do we gain by having this syscall hardening at the
>> same time as the always on BHB scrubbing sequence?
>
> What happens the next time some indirect call problem comes up?
Same as with every issue - assess the problem and develop fixes. Let's
be honest, the indirect branches in the syscall handler aren't the
biggest problem, it's the stacked LSMs. And even if those get fixes
chances are the security people will likely find some other avenue of
attack, I think even now the attack is somewhat hard to pull off.
So in any case this could have been a completely independent patch of
the BHI series.
>
> If we had had *one* hardware bug in this area, that would be one
> thing. But this has been going on for a decade now.
>
> Linus
Powered by blists - more mailing lists