Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs
- Subject: Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs
- From: Kees Cook <keescook@xxxxxxxxxx>
- Date: Mon, 15 Jan 2018 12:03:45 -0800
- Cc: David Laight <David.Laight@xxxxxxxxxx>, "dwmw@xxxxxxxxxxxx" <dwmw@xxxxxxxxxxxx>, "riel@xxxxxxxxxx" <riel@xxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "tim.c.chen@xxxxxxxxxxxxxxx" <tim.c.chen@xxxxxxxxxxxxxxx>, "pjt@xxxxxxxxxx" <pjt@xxxxxxxxxx>, "jpoimboe@xxxxxxxxxx" <jpoimboe@xxxxxxxxxx>, "ak@xxxxxxxxxxxxxxx" <ak@xxxxxxxxxxxxxxx>, "gregkh@xxxxxxxxxxxxxxxxxxxx" <gregkh@xxxxxxxxxxxxxxxxxxxx>, "torvalds@xxxxxxxxxxxxxxxxxxxx" <torvalds@xxxxxxxxxxxxxxxxxxxx>, "dave.hansen@xxxxxxxxx" <dave.hansen@xxxxxxxxx>, "luto@xxxxxxxxxxxxxx" <luto@xxxxxxxxxxxxxx>, "jikos@xxxxxxxxxx" <jikos@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "linux-tip-commits@xxxxxxxxxxxxxxx" <linux-tip-commits@xxxxxxxxxxxxxxx>
- In-reply-to: <db67ffe2-ee2b-2295-de8e-a1738c661c6e@linux.intel.com>
- References: <1515779365-9032-1-git-send-email-dwmw@amazon.co.uk> <tip-a0ab15c0fb68e202bebd9b17fa49fd7ec48975b3@git.kernel.org> <a4e50e6701554400afd44767c1812ccd@AcuMS.aculab.com> <db67ffe2-ee2b-2295-de8e-a1738c661c6e@linux.intel.com>
On Mon, Jan 15, 2018 at 6:42 AM, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> wrote:
>>
>> This would mean that userspace would see return predictions based
>> on the values the kernel 'stuffed' into the RSB to fill it.
>>
>> Potentially this leaks a kernel address to userspace.
>
>
> KASLR pretty much died in May this year to be honest with the KAISER paper
> (if not before then)
KASLR was always on shaky ground for local attacks. For pure remote
attacks, it's still useful. And for driving forward research, it
appears to be quite useful. ;)
-Kees
--
Kees Cook
Pixel Security