lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e1999cba-5721-42d4-bbe3-11ecbe218946@zytor.com>
Date: Tue, 15 Jul 2025 09:10:59 -0700
From: Xin Li <xin@...or.com>
To: Andrew Cooper <andrew.cooper3@...rix.com>, linux-kernel@...r.kernel.org
Cc: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
        jmill@....edu, peterz@...radead.org
Subject: Re: [PATCH v1 1/1] x86/fred: Remove ENDBR64 from FRED entry points

On 7/15/2025 8:49 AM, Andrew Cooper wrote:
> On 15/07/2025 7:44 am, Xin Li (Intel) wrote:
>> The FRED specification v9.0 states that there is no need for FRED
>> event handlers to begin with ENDBR64, because in the presence of
>> supervisor indirect branch tracking, FRED event delivery does not
>> enter the WAIT_FOR_ENDBRANCH state.
> 
> I would suggest phrasing this as "The FRED specification has been
> changed in v9 to..."
> 
> Simply "v9 states" can be read as "we mistook what v8 said and did it
> wrong".
> 
> After all, the change here is specifically as a result of new research
> showing ENDBR on the entrypoints to be of negative value.

Sure, that makes it more like a story ;)

> 
>>
>> As a result, remove ENDBR64 from FRED entry points.
>>
>> Then add ANNOTATE_NOENDBR to indicate that FRED entry points will
>> never be used for indirect calls to suppress an objtool warning.
>>
>> This change implies that any indirect CALL/JMP to FRED entry points
>> causes #CP in the presence of supervisor indirect branch tracking.
>>
>> Credit goes to Jennifer Miller <jmill@....edu> and other contributors
>> from Arizona State University whose work led to this change.
>>
>> Link: https://lore.kernel.org/linux-hardening/Z60NwR4w%2F28Z7XUa@ubun/
>> Reviewed-by: H. Peter Anvin (Intel) <hpa@...or.com>
>> Signed-off-by: Xin Li (Intel) <xin@...or.com>
>> Cc: Jennifer Miller <jmill@....edu>
>> Cc: Peter Zijlstra <peterz@...radead.org>
>> Cc: Andrew Cooper <andrew.cooper3@...rix.com>
>> Cc: H. Peter Anvin <hpa@...or.com>
> 
> Preferably with an adjusted commit message, Reviewed-by Andrew Cooper
> <andrew.cooper3@...rix.com>

Thanks, will add in v3 later today (Sent out v2 just now).

> 
> Any idea when an updated SIMICS will be available?

The FRED testing is more focused on hardware now :).

Anyway, let me check here.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ