Message-ID: <CAHk-=wiG7dGtE6UsynOP3FuvApkh=FYrv1Q42DEVZmosuOFXnQ@mail.gmail.com>
Date: Sun, 1 Dec 2024 12:03:14 -0800
From: Linus Torvalds <torvalds@...uxfoundation.org>
To: David Laight <David.Laight@...lab.com>
Cc: "x86@...nel.org" <x86@...nel.org>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Andrew Cooper <andrew.cooper3@...rix.com>, Josh Poimboeuf <jpoimboe@...nel.org>, 
	"bp@...en8.de" <bp@...en8.de>
Subject: Re: [PATCH next] x86: mask_user_address() return base of guard page for kernel addresses

On Sun, 1 Dec 2024 at 10:12, David Laight <David.Laight@...lab.com> wrote:
>
> I've built and run a kernel with it - so not broken!

I worry that 'cmov' could be predicted - making the whole sequence
pointless. It would be a stupid thing for a CPU core to do, but it
would be simple.

Of course, 'sbb' could be done using predicting the carry flag too.
There's a lot of ways to screw this up.

Intel at some point explicitly said

 "Other instructions such as CMOVcc, AND, ADC, SBB and SETcc can also
  be used to prevent bounds check bypass by constraining speculative
  execution on current family 6 processors (Intel® Core™, Intel® Atom™,
  Intel® Xeon® and Intel® Xeon Phi™ processors). However, these
  instructions may not be guaranteed to do so on future Intel processors"

so none of these are safe according to that.

Maybe there were newer updates on this, but in the meantime I'd rather
have just *one* pattern, not switch between multiple possibly
problematic ones. And sbb has been that traditional one.

Also, if sbb is ever made speculative, I think it's time to just jump ship.

             Linus
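As an added illustration, not code from this message or from the kernel tree, here is the cmp/sbb masking pattern the message refers to as the traditional one, written as a small user-space C program. The `index_mask_nospec` helper name, the non-x86 arithmetic fallback and the `sample_table` lookup are assumptions made for this example; the sbb form is only assembled on x86 builds, and no speculation property is claimed for the fallback.

```c
#include <stdio.h>
#include <stddef.h>

/*
 * Branchless bounds mask: returns ~0UL when index < size, 0 otherwise.
 * On x86 this is the cmp/sbb pair: cmp sets CF when index - size borrows
 * (i.e. index < size), and sbb of a register with itself yields -CF.
 * The mask is a pure data dependency on the flags rather than a predicted
 * branch or a conditional move, which is the property the message relies on
 * to keep a mispredicted bounds check from forwarding an out-of-range index.
 * Non-x86 builds use a plain arithmetic fallback (assumed for this example;
 * no speculation guarantee is claimed for it).
 */
static inline unsigned long index_mask_nospec(unsigned long index,
                                              unsigned long size)
{
    unsigned long mask;
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("cmp %1, %2\n\t"
                     "sbb %0, %0"
                     : "=r"(mask)
                     : "g"(size), "r"(index)
                     : "cc");
#else
    /* Fallback: top bit of (index | (size - 1 - index)) is set iff index >= size. */
    mask = (unsigned long)(~(long)(index | (size - 1 - index))
                           >> (sizeof(long) * 8 - 1));
#endif
    return mask;
}

/* Constructed sample table standing in for any lookup indexed by untrusted input. */
static const unsigned char sample_table[8] = {10, 20, 30, 40, 50, 60, 70, 80};

#define SAMPLE_TABLE_LEN (sizeof(sample_table) / sizeof(sample_table[0]))

/*
 * Architectural bounds check followed by the sbb mask. If the branch is
 * mispredicted, the speculative path still ANDs index with 0 and loads
 * sample_table[0] instead of an element past the end of the table.
 */
unsigned char guarded_lookup(unsigned long index)
{
    if (index >= SAMPLE_TABLE_LEN)
        return 0;
    index &= index_mask_nospec(index, SAMPLE_TABLE_LEN);
    return sample_table[index];
}

int main(void)
{
    unsigned long probes[] = {0, 3, 7, 8, (unsigned long)-1};
    size_t i;

    for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("index %lu -> mask %#lx, lookup %u\n", probes[i],
               index_mask_nospec(probes[i], SAMPLE_TABLE_LEN),
               guarded_lookup(probes[i]));
    return 0;
}
```

The inline asm pins the instruction sequence: an equivalent C ternary (`index < size ? ~0UL : 0`) is free to be compiled to a cmov or to a branch, which is exactly the variation the message wants to avoid by having one fixed pattern.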
