From: Jiri Kosina <jkosina@suse.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [patch 07/11] [PATCH v2 07/10] Linux Patch #7
Date: Mon, 23 Apr 2018 23:33:29 +0200 (CEST) [thread overview]
Message-ID: <nycvar.YFH.7.76.1804232327000.28129@cbobk.fhfr.pm> (raw)
In-Reply-To: <alpine.LFD.2.21.999.1804231415001.18164@i7.lan>
On Mon, 23 Apr 2018, speck for Linus Torvalds wrote:
> Yeah, I'm not in the least interested in theory.
>
> Are there actual real attacks where it makes sense?
>
> In particular since we actually have the RSB stuffing workarounds too, not
> just bare retpoline. Which leaves the "call stacks deeper than 16" case as
> the only actual possible case even in theory, and then you have to be able
> to attack it too.
BTW in addition to that, there is this gcc patch (I don't think any distro
is shipping it yet in any way though):
https://github.com/clearlinux-pkgs/gcc/blob/master/zero-regs.patch
that should make any such theoretical attack even harder (it zeroes all
clobbered GPRs before ret, which is cheap, and dramatically reduces the
potential of introducing "bad" dependencies).
> Anyway, I was wondering if there was any reason why we'd care for the
> store buffer bypass problem? The whole "run with store buffers in user
> space, disable them in kernel space" model seems insane.
This is all just about defining the security domain boundaries. If we
hypothetically disable MD on kernel entry, then it's impossible for ring3
store to badly influence ring0 load.
But absolutely yeah, there are many other scenarios that need protecting
as well (userspace-userspace, guest-host, etc), which'd stay unprotected
with that model.
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2018-04-23 21:33 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-20 2:25 [MODERATED] [patch 07/11] [PATCH v2 07/10] Linux Patch #7 konrad.wilk
2018-04-20 17:42 ` [MODERATED] " Borislav Petkov
2018-04-21 3:27 ` Konrad Rzeszutek Wilk
2018-04-21 9:03 ` Borislav Petkov
2018-04-21 12:21 ` Konrad Rzeszutek Wilk
2018-04-21 19:25 ` Borislav Petkov
2018-04-21 21:41 ` Linus Torvalds
2018-04-21 22:09 ` Borislav Petkov
2018-04-21 22:13 ` Jon Masters
2018-04-21 22:35 ` Borislav Petkov
2018-04-21 22:54 ` Jon Masters
2018-04-22 1:26 ` Linus Torvalds
2018-04-22 3:18 ` Jon Masters
2018-04-22 9:35 ` Borislav Petkov
2018-04-22 9:53 ` Jon Masters
2018-04-22 10:34 ` Borislav Petkov
2018-04-22 15:16 ` Jon Masters
2018-04-23 14:30 ` Thomas Gleixner
2018-04-23 14:34 ` [MODERATED] " Jon Masters
2018-04-23 17:06 ` Jon Masters
2018-04-23 17:51 ` Konrad Rzeszutek Wilk
2018-04-23 18:01 ` Jon Masters
2018-04-23 18:02 ` Jon Masters
2018-04-23 18:05 ` Linus Torvalds
2018-04-23 18:09 ` Jon Masters
2018-04-23 22:23 ` Thomas Gleixner
2018-04-23 22:30 ` [MODERATED] " Jiri Kosina
2018-04-23 23:03 ` Andi Kleen
2018-04-24 5:32 ` Jiri Kosina
2018-04-23 22:31 ` Andi Kleen
2018-04-24 0:44 ` Jon Masters
2018-04-23 23:36 ` Tim Chen
2018-04-23 21:13 ` Konrad Rzeszutek Wilk
2018-04-23 21:23 ` Linus Torvalds
2018-04-23 21:33 ` Jiri Kosina [this message]
2018-04-23 22:18 ` Andi Kleen
2018-04-24 0:34 ` Jon Masters
2018-04-21 22:09 ` Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.YFH.7.76.1804232327000.28129@cbobk.fhfr.pm \
--to=jkosina@suse.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.