Re: Concerns about enabling retpolines by default

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 26 Sep 2018 at 19:32, Florian Weimer <fweimer@xxxxxxxxxx> wrote:
> We recently discovered that our OpenSSH distribution binaries contain
> retpoline thunks.  It's due to this
>
>             OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
>             OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc

I was the one who added those.  It was shortly after the disclosure of
Spectre, and the concern was that ssh, sshd and particularly ssh-agent
hold secrets where the disclosure of those across trust boundaries
would be various levels of bad.

The documentation at the time was pretty sparse and it's not much
clearer now.  What should a userspace program do for Spectre?

> There have been other retpoline bugs in GCC which do not affect the
> kernel (or affect only rarely used kernel features), but are potentially
> visible in user space, so few distributions will backport those fixes to
> their distribution compilers.

Can we determine which versions are affected?  If there's one known to
work we can disable the check for versions prior to that.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux