Re: [tip: x86/bugs] x86/retpoline: Ensure default return thunk isn't used at runtime
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [tip: x86/bugs] x86/retpoline: Ensure default return thunk isn't used at runtime
- From: Borislav Petkov <bp@xxxxxxxxx>
- Date: Wed, 18 Oct 2023 22:04:14 +0200
- Cc: Ingo Molnar <mingo@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-tip-commits@xxxxxxxxxxxxxxx, David Kaplan <david.kaplan@xxxxxxx>, "Peter Zijlstra (Intel)" <peterz@xxxxxxxxxxxxx>, x86@xxxxxxxxxx, David Howells <dhowells@xxxxxxxxxx>
- In-reply-to: <20231018191407.n4ys6vefbio7z3sn@treble>
- References: <20231018132352.GBZS/caGJ8Wk9kmTbg@fat_crate.local> <ZS/f8DeEIWhBtBeb@gmail.com> <20231018151245.GCZS/17QhDGe7q6K+w@fat_crate.local> <20231018155433.z4auwckr5s27wnig@treble> <20231018175531.GEZTAcE2p92U1AuVp1@fat_crate.local> <20231018181431.skre6i6vzrxsprck@treble> <20231018182223.GFZTAiX4BJ6FT8bHzz@fat_crate.local> <20231018183915.xwamzzqjf6gehaou@treble> <20231018184431.GGZTAnj8V/R54S5KK9@fat_crate.local> <20231018191407.n4ys6vefbio7z3sn@treble>
On Wed, Oct 18, 2023 at 12:14:07PM -0700, Josh Poimboeuf wrote:
> There are a lot of warnings which could become security concerns.
Not "could become" - this one *is* a security issue because it means we're
not mitigating with the RET thunks properly.
> By definition, a warning means something is seriously wrong. If it's
> ignored, all bets are off. That's why we taint the kernel.
If I could, I'd cripple the kernel just enough so that it issues the
warning and then stops so that the users are not exposed, but show why
it stopped. And we know that panicking doesn't provide that.
David suggested earlier that perhaps we should warn and then mark the
kernel as vulnerable to those mitigations. That could be a more
realistic thing to do...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
[Index of Archives]
[Linux Stable Commits]
[Linux Stable Kernel]
[Linux Kernel]
[Linux USB Devel]
[Linux Video &Media]
[Linux Audio Users]
[Yosemite News]
[Linux SCSI]