From: Juergen Gross <jgross@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
David Woodhouse <dwmw@amazon.co.uk>,
ak@linux.intel.com
Cc: Paul Turner <pjt@google.com>, LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linux-foundation.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
tglx@linutronix.de, Kees Cook <keescook@google.com>,
Rik van Riel <riel@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@amacapital.net>,
Jiri Kosina <jikos@kernel.org>,
gnomes@lxorguk.ukuu.org.uk
Subject: Re: [PATCH v3 10/13] x86/retpoline/pvops: Convert assembler indirect jumps
Date: Thu, 4 Jan 2018 17:04:29 +0100 [thread overview]
Message-ID: <f5280efe-e5e1-9ba7-c299-11b0f402564a@suse.com> (raw)
In-Reply-To: <3c1bcc6d-d509-c48e-32ab-a24596f03e2f@citrix.com>
On 04/01/18 16:18, Andrew Cooper wrote:
> On 04/01/18 15:02, Juergen Gross wrote:
>> On 04/01/18 15:37, David Woodhouse wrote:
>>> Convert pvops invocations to use non-speculative call sequences, when
>>> CONFIG_RETPOLINE is enabled.
>>>
>>> There is scope for future optimisation here — once the pvops methods are
>>> actually set, we could just turn the damn things into *direct* jumps.
>>> But this is perfectly sufficient for now, without that added complexity.
>> I don't see the need to modify the pvops calls.
>>
>> All indirect calls are replaced by either direct calls or other code
>> long before any user code is active.
>>
>> For modules the replacements are in place before the module is being
>> used.
>
> When booting virtualised, sibling hyperthreads can arrange VM-to-VM SP2
> attacks.
>
> One mitigation though is to consider if there is any interesting data to
> leak that early during boot.
Right. And if you are able to detect a booting VM in the other
hyperthread, obtain enough information about its kernel layout and
extract the information via statistical methods in the very short time
frame of the boot before pvops patching takes place. Not to forget the
vast amount of data the booting VM will pull through the caches making
side channel attacks a rather flaky endeavor...
I'd opt for leaving pvops calls untouched. The Reviewed-by: I gave for
the patch was just for its correctness. :-)
Juergen
next prev parent reply other threads:[~2018-01-04 16:04 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-04 9:10 [RFC] Retpoline: Binary mitigation for branch-target-injection (aka "Spectre") Paul Turner
2018-01-04 9:12 ` Paul Turner
2018-01-04 9:24 ` Paul Turner
2018-01-04 9:48 ` Greg Kroah-Hartman
2018-01-04 9:56 ` Woodhouse, David
2018-01-04 9:30 ` Woodhouse, David
2018-01-04 14:36 ` [PATCH v3 01/13] x86/retpoline: Add initial retpoline support David Woodhouse
2018-01-04 18:03 ` Linus Torvalds
2018-01-04 19:32 ` Woodhouse, David
2018-01-04 18:17 ` Alexei Starovoitov
2018-01-04 18:25 ` Linus Torvalds
2018-01-04 18:36 ` Alexei Starovoitov
2018-01-04 19:27 ` David Woodhouse
2018-01-05 10:28 ` Paul Turner
2018-01-05 10:55 ` David Woodhouse
2018-01-05 11:19 ` Paul Turner
2018-01-05 11:25 ` Paul Turner
2018-01-05 11:26 ` Paolo Bonzini
2018-01-05 12:20 ` Paul Turner
2018-01-05 10:40 ` Paul Turner
2018-01-04 18:40 ` Andi Kleen
2018-01-05 10:32 ` Paul Turner
2018-01-05 12:54 ` Thomas Gleixner
2018-01-05 13:01 ` Juergen Gross
2018-01-05 13:03 ` Thomas Gleixner
2018-01-05 13:56 ` Woodhouse, David
2018-01-05 16:41 ` Woodhouse, David
2018-01-05 16:45 ` Borislav Petkov
2018-01-05 17:08 ` Josh Poimboeuf
2018-01-06 0:30 ` Borislav Petkov
2018-01-06 8:23 ` David Woodhouse
2018-01-06 17:02 ` Borislav Petkov
2018-01-07 9:40 ` David Woodhouse
2018-01-07 11:46 ` Borislav Petkov
2018-01-07 12:21 ` David Woodhouse
2018-01-07 14:03 ` Borislav Petkov
2018-01-08 21:50 ` David Woodhouse
2018-01-08 5:06 ` Josh Poimboeuf
2018-01-08 7:55 ` Woodhouse, David
2018-01-05 17:12 ` Woodhouse, David
2018-01-05 17:28 ` Linus Torvalds
2018-01-05 17:48 ` David Woodhouse
2018-01-05 18:05 ` Andi Kleen
2018-01-05 20:32 ` Woodhouse, David
2018-01-05 21:11 ` Brian Gerst
2018-01-05 22:16 ` Woodhouse, David
2018-01-05 22:43 ` Borislav Petkov
2018-01-05 22:00 ` Woodhouse, David
2018-01-05 22:06 ` Borislav Petkov
2018-01-05 23:50 ` Linus Torvalds
2018-01-06 10:53 ` Woodhouse, David
2018-01-04 14:36 ` [PATCH v3 02/13] x86/retpoline/crypto: Convert crypto assembler indirect jumps David Woodhouse
2018-01-04 14:37 ` [PATCH v3 03/13] x86/retpoline/entry: Convert entry " David Woodhouse
2018-01-04 14:46 ` Dave Hansen
2018-01-04 14:49 ` Woodhouse, David
2018-01-04 14:37 ` [PATCH v3 04/13] x86/retpoline/ftrace: Convert ftrace " David Woodhouse
2018-01-04 14:37 ` [PATCH v3 05/13] x86/retpoline/hyperv: Convert " David Woodhouse
2018-01-04 14:37 ` [PATCH v3 06/13] x86/retpoline/xen: Convert Xen hypercall " David Woodhouse
2018-01-04 15:10 ` Juergen Gross
2018-01-04 15:18 ` David Woodhouse
2018-01-04 15:54 ` Juergen Gross
2018-01-04 14:37 ` [PATCH v3 07/13] x86/retpoline/checksum32: Convert assembler " David Woodhouse
2018-01-04 14:37 ` [PATCH v3 08/13] x86/alternatives: Add missing \n at end of ALTERNATIVE inline asm David Woodhouse
2018-01-05 13:04 ` [tip:x86/pti] x86/alternatives: Add missing '\n' " tip-bot for David Woodhouse
2018-01-04 14:37 ` [PATCH v3 09/13] x86/retpoline/irq32: Convert assembler indirect jumps David Woodhouse
2018-01-04 14:37 ` [PATCH v3 10/13] x86/retpoline/pvops: " David Woodhouse
2018-01-04 15:02 ` Juergen Gross
2018-01-04 15:12 ` Woodhouse, David
2018-01-04 15:18 ` Andrew Cooper
2018-01-04 16:04 ` Juergen Gross [this message]
2018-01-04 16:37 ` Andi Kleen
2018-01-04 14:37 ` [PATCH v3 11/13] retpoline/taint: Taint kernel for missing retpoline in compiler David Woodhouse
2018-01-04 22:06 ` Justin Forbes
2018-01-04 14:37 ` [PATCH v3 12/13] retpoline/objtool: Disable some objtool warnings David Woodhouse
2018-01-04 14:37 ` [PATCH v3 13/13] retpoline: Attempt to quiten objtool warning for unreachable code David Woodhouse
2018-01-04 16:18 ` [RFC] Retpoline: Binary mitigation for branch-target-injection (aka "Spectre") Andy Lutomirski
2018-01-04 16:24 ` David Woodhouse
2018-01-05 10:49 ` Paul Turner
2018-01-05 11:43 ` Woodhouse, David
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f5280efe-e5e1-9ba7-c299-11b0f402564a@suse.com \
--to=jgross@suse.com \
--cc=ak@linux.intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=gregkh@linux-foundation.org \
--cc=jikos@kernel.org \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=riel@redhat.com \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).