Message-ID: <SEZPR04MB63194C0FCB4765A8ABF4A2709E9E2@SEZPR04MB6319.apcprd04.prod.outlook.com>
Date: Fri, 6 Sep 2024 07:19:07 +0000
From: Qixiang Xu <qixiang.xu@...look.com>
To: Marc Zyngier <maz@...nel.org>
CC: "oliver.upton@...ux.dev" <oliver.upton@...ux.dev>, "will@...nel.org"
	<will@...nel.org>, "linux-arm-kernel@...ts.infradead.org"
	<linux-arm-kernel@...ts.infradead.org>, "kvmarm@...ts.linux.dev"
	<kvmarm@...ts.linux.dev>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] KVM: arm64: Make nVHE ASLR conditional on nokaslr

Marc,

Thanks for your reply. 

> This is a change in behaviour that would leave the 2 implementations
> affected by Spectre-v3a unmitigated and leaking information to
> *guests*, while they would have been safe until this change. Is this
> what we really want to do?

The reason for adding this is to make debugging nvhe hyp code easier. 
Otherwise, we would need to calculate the offset every time.
Do you have any better suggestions for the debugging?


> This is also not disabling the whole thing, since we still do the
> indirect vector dance.

I'm not sure if my understanding is correct, but based on 
the hyp_map_vectors function, the address of the indirect vector
is only related to __io_map_base and is not random.


Thanks. 
Qixiang Xu
