| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3f9765e1-8f02-409f-813c-24ff378f7a90@citrix.com> Date: Tue, 6 Jan 2026 16:46:41 +0000 From: Andrew Cooper <andrew.cooper3@...rix.com> To: Peter Zijlstra <peterz@...radead.org> Cc: Andrew Cooper <andrew.cooper3@...rix.com>, LKML <linux-kernel@...r.kernel.org>, Xin Li <xin@...or.com>, "H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org Subject: Re: [PATCH] x86/fred: Correct speculative safety in fred_extint() On 06/01/2026 3:20 pm, Peter Zijlstra wrote: > On Tue, Jan 06, 2026 at 01:15:04PM +0000, Andrew Cooper wrote: >> This is why we have array_access_nospec() in Xen, so you can't separate the >> safety calculation from the array access. >> >> The observant reader might notice that the result of reading sysvec_table[] is >> also subject to memory predictions. Aren't CPUs wonderful... >> >> In practice, even having array_index_nospec() part of the array access >> expression is no guarantee of avoiding spilling to the stack. KASAN is liable >> to hide a function call behind the scenes, while UBSAN is very good at >> inserting it's own unsafe range checks around objects it knows the size of. >> Aren't compilers wonderful... > Yeah, then again nobody should be running *SAN kernels in production, > right ;-) Aren't distros wonderful... ~Andrew
Powered by blists - more mailing lists