Message-ID: <20180110194733.GO9723@arm.com>
Date:   Wed, 10 Jan 2018 19:47:33 +0000
From:   Will Deacon <will.deacon@....com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Mark Rutland <mark.rutland@....com>,
        Alexei Starovoitov <ast@...com>,
        "David S . Miller" <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        Jann Horn <jannh@...gle.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Elena Reshetova <elena.reshetova@...el.com>,
        Alan Cox <alan@...ux.intel.com>,
        Network Development <netdev@...r.kernel.org>,
        kernel-team <kernel-team@...com>
Subject: Re: [PATCH bpf] bpf: prevent out-of-bounds speculation

Hi again Linus, Alexei,

On Tue, Jan 09, 2018 at 10:21:29AM +0000, Will Deacon wrote:
> On Mon, Jan 08, 2018 at 10:49:01AM -0800, Linus Torvalds wrote:
> > In this particular case, we should be very much aware of future CPU's
> > being more _constrained_, because CPU vendors had better start taking
> > this thing into account.
> > 
> > So the masking approach is FUNDAMENTALLY SAFER than the "let's try to
> > limit control speculation".
> > 
> > If somebody can point to a CPU that actually speculates across an
> > address masking operation, I will be very surprised. And unless you
> > can point to that, then stop trying to dismiss the masking approach.
> 
> Whilst I agree with your comments about future CPUs, this stuff is further
> out of academia than you might think. We're definitely erring on the
> belt-and-braces side of things at the moment, so let me go check what's
> *actually* been built and I suspect we'll be able to make the masking work.
> 
> Stay tuned...

I can happily confirm that there aren't any (ARM architecture) CPUs where
the masking approach is not sufficient, so there's no need to worry about
value speculation breaking this.

Will
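
The masking approach discussed in this thread, as an added illustration (not code from the patch or from any participant): the index is ANDed with a mask derived by data dependency, so a mispredicted bounds check cannot steer the load out of range. All function and table names are hypothetical, the table is constructed sample data, and the empty `__asm__` is a GCC/Clang extension used to keep the optimizer from folding the mask away.

```c
#include <limits.h>
#include <stdint.h>

#define ULONG_BITS (sizeof(unsigned long) * CHAR_BIT)

/* All-ones when index < size, zero otherwise, with no branch.
 * Valid for size <= LONG_MAX. */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    /* Hide the value so the compiler cannot reuse an earlier "index < size"
     * fact and reduce the mask to a constant. */
    __asm__("" : "+r"(index));
    /* Top bit of (index | (size - 1 - index)) is set iff index >= size. */
    unsigned long in_range = ~(index | (size - 1UL - index)) >> (ULONG_BITS - 1);
    return 0UL - in_range;
}

/* Out-of-range indices collapse to 0; in-range indices are unchanged. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask(index, size);
}

/* Alternative: round the size up to a power of two and AND with (2^k - 1).
 * The backing storage must then be allocated at the rounded-up size. */
static unsigned long pow2_mask(unsigned long n)
{
    unsigned long p = 1;
    while (p < n)
        p <<= 1;
    return p - 1;
}

#define TABLE_ENTRIES 6UL
/* Constructed sample data: 6 live entries, padded to 8 for the pow2 variant. */
static const uint8_t table[8] = { 10, 11, 12, 13, 14, 15, 0, 0 };

/* The architectural check rejects bad indices; the mask bounds the load
 * even on a path where that branch was mispredicted. */
static int lookup_masked(unsigned long idx)
{
    if (idx >= TABLE_ENTRIES)
        return -1;
    return table[clamp_index(idx, TABLE_ENTRIES)];
}

static int lookup_pow2(unsigned long idx)
{
    if (idx >= TABLE_ENTRIES)
        return -1;
    return table[idx & pow2_mask(TABLE_ENTRIES)];
}
```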
