From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-fw-2101.amazon.com ([72.21.196.25]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fQV55-0004C3-0d for speck@linutronix.de; Wed, 06 Jun 2018 11:50:15 +0200 Content-Type: multipart/mixed; boundary="===============0728647524884901320==" MIME-Version: 1.0 Received: from EX13MTAUEA001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]) by email-inbound-relay-2c-579b7f5b.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id w569o9e8083012 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for ; Wed, 6 Jun 2018 09:50:11 GMT From: Norbert Manthey Subject: [MODERATED] spectrev1+ References: <20180601171244.GA30216@char.us.oracle.com> <20180601212952.GA7354@char.us.oracle.com> <20180604153815.GU12198@hirez.programming.kicks-ass.net> <20180605175837.ry5tx3widl6hj5ob@treble> Message-ID: <66ffcda6-4976-e918-3d84-10ace6eef3e6@amazon.de> Date: Wed, 6 Jun 2018 11:50:04 +0200 MIME-Version: 1.0 In-Reply-To: To: speck@linutronix.de List-ID: --===============0728647524884901320== Content-Type: multipart/mixed; boundary="cuBYG5nxjMXvyyPbqUR6HZlR8u2O79iFX"; protected-headers="v1" --cuBYG5nxjMXvyyPbqUR6HZlR8u2O79iFX Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Given the static code analysis efforts, I wonder whether we should also make use of Coverity wrt Spectre vulnerabilities. Synopsis announced they somewhat support this [1]. Unfortunately, I do not have access to the Linux project on Coverity Scan [2]. Does anybody on this list have access to that project there and can make sure the new scanner is enabled as well, or at least enabled in some kind of beta phase so that we can judge the usefulness of the reported defects. This way, we could consume the output and compare it to the upgraded version of smatch. Norbert PS: sorry for the previous mail which got totally scrambled [1] https://www.synopsys.com/blogs/software-security/detecting-spectre-vulner= ability-exploits-with-static-analysis/ [2] https://scan.coverity.com/projects/linux On 06/06/2018 01:56 AM, speck for Jiri Kosina wrote: > On Tue, 5 Jun 2018, speck for Linus Torvalds wrote: > >> Useless. > Fully agreed. > >> Can some Intel person explain how the processor could possibly=20 >> speculatively do a 'ret' instruction that actually uses the value that= =20 >> the front-end doesn't even have (ie "not RSB/BTB")? > I earlier today already asked for more details about exactly this back = > through the official channel I've received the whitepaper from as well.= =20 > I'll relay any information I eventually receive to this list. > > Thanks, > --cuBYG5nxjMXvyyPbqUR6HZlR8u2O79iFX-- --===============0728647524884901320== Content-Type: multipart/alternative; boundary="===============6012209066683019601==" MIME-Version: 1.0 Content-Disposition: inline --===============6012209066683019601== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Amazon Development Center Germany GmbH Berlin - Dresden - Aachen main office: Krausenstr. 38, 10117 Berlin Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger Ust-ID: DE289237879 Eingetragen am Amtsgericht Charlottenburg HRB 149173 B --===============6012209066683019601== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable

= Amazon Development Center Germany GmbH =
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
=

--===============6012209066683019601==-- --===============0728647524884901320==--