Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Thu, 25 Jan 2018 18:23:51 -0800
Cc: labbott@xxxxxxxxxx, luto@xxxxxxxxxx, Janakarajan.Natarajan@xxxxxxx, bp@xxxxxxx, torvalds@xxxxxxxxxxxxxxxxxxxx, asit.k.mallick@xxxxxxxxx, rkrcmar@xxxxxxxxxx, karahmed@xxxxxxxxx, hpa@xxxxxxxxx, jun.nakajima@xxxxxxxxx, mingo@xxxxxxxxxx, x86@xxxxxxxxxx, ashok.raj@xxxxxxxxx, arjan.van.de.ven@xxxxxxxxx, tim.c.chen@xxxxxxxxxxxxxxx, pbonzini@xxxxxxxxxx, ak@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, dwmw2@xxxxxxxxxxxxx, peterz@xxxxxxxxxxxxx, tglx@xxxxxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, mhiramat@xxxxxxxxxx, arjan@xxxxxxxxxxxxxxx, thomas.lendacky@xxxxxxx, dan.j.williams@xxxxxxxxx, joro@xxxxxxxxxx, aarcange@xxxxxxxxxx, kvm@xxxxxxxxxxxxxxx
In-reply-to: <7c0b0879-3448-43e4-8380-4708fc787113@default>
References: <7c0b0879-3448-43e4-8380-4708fc787113@default>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 01/25/2018 06:11 PM, Liran Alon wrote:
> It is true that attacker cannot speculate to a kernel-address, but it
> doesn't mean it cannot use the leaked kernel-address together with
> another unrelated vulnerability to build a reliable exploit.

The address doesn't leak if you can't execute there.  It's the same
reason that we don't worry about speculation to user addresses from the
kernel when SMEP is in play.

Follow-Ups:
- Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
  - From: David Woodhouse

References:
- Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
  - From: Liran Alon

Prev by Date: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
Next by Date: Re: [virtio-dev] Re: [PATCH v25 2/2] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT
Previous by thread: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
Next by thread: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]