* Fun ahead -- speculation problems being patched in 5.10.105
@ 2022-03-09 21:37 Pavel Machek
2022-03-10 1:54 ` Masami Ichikawa
0 siblings, 1 reply; 2+ messages in thread
From: Pavel Machek @ 2022-03-09 21:37 UTC (permalink / raw)
To: cip-dev, jan.kiszka, masami.ichikawa
[-- Attachment #1: Type: text/plain, Size: 1273 bytes --]
Hi!
It looks like 5.10.105 will be "fun" release. There's big series of
arm64 related speculation tweaks, including
|61f85b56f 558c30 o: 5.10| arm64: Mitigate spectre style branch history side channels
And apparently there are some problems on x86-64 side, too:
|d185aa3cb e9b601 .: 5.10| x86/speculation: Update link to AMD speculation whitepaper
|edc29f23a eafd98 o: 5.10| x86/speculation: Warn about Spectre v2 LFENCE mitigation
|67997c824 0de05d o: 5.10| x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
We have seen worse stuff for a hardware bug mitigation before. Scary
thing here is that arm64 patches are queued against 5.10 but not 4.19
or earlier.
Let me reiterate again that using complex out-of-order CPU is a bad
idea if you care about security.
Let me reiterate that JITs such as eBPF are complex/dangerous and
especially unpriviledged eBPF is risky.
v |316f1dd5e 44a391 o: 5.10| x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Fun ahead -- speculation problems being patched in 5.10.105
2022-03-09 21:37 Fun ahead -- speculation problems being patched in 5.10.105 Pavel Machek
@ 2022-03-10 1:54 ` Masami Ichikawa
0 siblings, 0 replies; 2+ messages in thread
From: Masami Ichikawa @ 2022-03-10 1:54 UTC (permalink / raw)
To: Pavel Machek; +Cc: cip-dev, jan.kiszka
HI !
On Thu, Mar 10, 2022 at 6:37 AM Pavel Machek <pavel@denx.de> wrote:
>
> Hi!
>
> It looks like 5.10.105 will be "fun" release. There's big series of
> arm64 related speculation tweaks, including
>
> |61f85b56f 558c30 o: 5.10| arm64: Mitigate spectre style branch history side channels
>
> And apparently there are some problems on x86-64 side, too:
>
> |d185aa3cb e9b601 .: 5.10| x86/speculation: Update link to AMD speculation whitepaper
> |edc29f23a eafd98 o: 5.10| x86/speculation: Warn about Spectre v2 LFENCE mitigation
> |67997c824 0de05d o: 5.10| x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
>
> We have seen worse stuff for a hardware bug mitigation before. Scary
> thing here is that arm64 patches are queued against 5.10 but not 4.19
> or earlier.
>
> Let me reiterate again that using complex out-of-order CPU is a bad
> idea if you care about security.
>
> Let me reiterate that JITs such as eBPF are complex/dangerous and
> especially unpriviledged eBPF is risky.
>
That's true. We saw lots of CVEs which recommended disabling unprivileged eBPF.
It is difficult to achieve both safety and usefulness :(
> v |316f1dd5e 44a391 o: 5.10| x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
>
> Best regards,
> Pavel
>
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-10 1:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-09 21:37 Fun ahead -- speculation problems being patched in 5.10.105 Pavel Machek
2022-03-10 1:54 ` Masami Ichikawa
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox