From: Borislav Petkov <bp@alien8.de>
To: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
Date: Fri, 29 Jul 2022 20:22:36 +0200 [thread overview]
Message-ID: <YuQlbFSBC6U/yGeL@zn.tnic> (raw)
In-Reply-To: <YuLBBe2BXrC7CNiu@quatroqueijos>
On Thu, Jul 28, 2022 at 02:01:57PM -0300, Thadeu Lima de Souza Cascardo wrote:
> I may be completely wrong here, so excuse me throwing out this idea.
>
> But isn't it also possible that userspace attacks the kernel by leveraging
> speculative execution when in firmware? So even when firmware is trusted, it
> might not have mitigations like retpoline and rethunks. So userspace will train
> the BTB in order to make a RET in the firmware speculate to a firmware gadget
> that may spill out kernel bits to the cache.
>
> Even though there is some limited mapping when doing the firmware calls, there
> are still some kernel pages mapped.
Yah, I dunno. That's why I raised this and added Andy. I certainly see
your point tho.
And what I know is, I don't want to be dealing with imaginary virt guest
configurations just because some cloud providers wanna do whatever they
like.
I've put this mitigation selection spaghetti on my to-give-a-stern-look
list. Because it is looking insane already and it'll get even worse with
time.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next prev parent reply other threads:[~2022-07-29 18:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-28 12:26 [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Thadeu Lima de Souza Cascardo
2022-07-28 12:35 ` Borislav Petkov
2022-07-28 12:39 ` Thadeu Lima de Souza Cascardo
2022-07-28 14:33 ` Dimitri John Ledkov
2022-07-28 15:18 ` Borislav Petkov
2022-07-28 15:50 ` Borislav Petkov
2022-07-28 17:01 ` Thadeu Lima de Souza Cascardo
2022-07-29 18:22 ` Borislav Petkov [this message]
2022-07-28 15:16 ` Peter Zijlstra
2022-07-29 8:11 ` [tip: x86/urgent] " tip-bot2 for Thadeu Lima de Souza Cascardo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YuQlbFSBC6U/yGeL@zn.tnic \
--to=bp@alien8.de \
--cc=andrew.cooper3@citrix.com \
--cc=cascardo@canonical.com \
--cc=dimitri.ledkov@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.