Message-ID: <2e198fe6-c08a-4489-bb0e-aff6d2d5670b@citrix.com>
Date: Tue, 15 Jul 2025 16:49:37 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: "Xin Li (Intel)" <xin@...or.com>, linux-kernel@...r.kernel.org
Cc: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
 dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, jmill@....edu,
 peterz@...radead.org
Subject: Re: [PATCH v1 1/1] x86/fred: Remove ENDBR64 from FRED entry points

On 15/07/2025 7:44 am, Xin Li (Intel) wrote:
> The FRED specification v9.0 states that there is no need for FRED
> event handlers to begin with ENDBR64, because in the presence of
> supervisor indirect branch tracking, FRED event delivery does not
> enter the WAIT_FOR_ENDBRANCH state.

I would suggest phrasing this as "The FRED specification has been
changed in v9 to..."

Simply "v9 states" can be read as "we mistook what v8 said and did it
wrong".

After all, the change here is specifically as a result of new research
showing ENDBR on the entrypoints to be of negative value.

>
> As a result, remove ENDBR64 from FRED entry points.
>
> Then add ANNOTATE_NOENDBR to indicate that FRED entry points will
> never be used for indirect calls to suppress an objtool warning.
>
> This change implies that any indirect CALL/JMP to FRED entry points
> causes #CP in the presence of supervisor indirect branch tracking.
>
> Credit goes to Jennifer Miller <jmill@....edu> and other contributors
> from Arizona State University whose work led to this change.
>
> Link: https://lore.kernel.org/linux-hardening/Z60NwR4w%2F28Z7XUa@ubun/
> Reviewed-by: H. Peter Anvin (Intel) <hpa@...or.com>
> Signed-off-by: Xin Li (Intel) <xin@...or.com>
> Cc: Jennifer Miller <jmill@....edu>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Cc: Andrew Cooper <andrew.cooper3@...rix.com>
> Cc: H. Peter Anvin <hpa@...or.com>

Preferably with an adjusted commit message, Reviewed-by Andrew Cooper
<andrew.cooper3@...rix.com>

Any idea when an updated SIMICS will be available?

~Andrew
