From: Pavel Machek <pavel@ucw.cz>
To: Andi Kleen <andi@firstfloor.org>
Cc: tglx@linutronix.de, torvalds@linux-foundation.org,
gregkh@linux-foundation.org, linux-kernel@vger.kernel.org,
tim.c.chen@linux.intel.com
Subject: Re: Avoid speculative indirect calls in kernel
Date: Thu, 4 Jan 2018 12:49:17 +0100 [thread overview]
Message-ID: <20180104114917.GC1702@amd> (raw)
In-Reply-To: <20180104020019.1173-1-andi@firstfloor.org>
[-- Attachment #1: Type: text/plain, Size: 1039 bytes --]
Hi!
> This is a fix for Variant 2 in
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.
Ok.
> So we want to avoid speculative indirect calls in the kernel.
>
> There's a special code sequence called a retpoline that can
> do indirect calls without speculation. We use a new compiler
> option -mindirect-branch=thunk-extern (gcc patch will be released
> separately) to recompile the kernel with this new sequence.
So... this "retpoline" code is quite tricky; I guess it does the right
on recent Intel CPUs. Does it also do the right thing on all the AMD,
Cyrix, ... variants?
Is it neccessary on all the CPUs? I guess 486 does not need this?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2018-01-04 11:49 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-04 2:00 Avoid speculative indirect calls in kernel Andi Kleen
2018-01-04 2:00 ` [PATCH v2 01/12] x86/retpoline: Define retpoline indirect thunk and macros Andi Kleen
2018-01-04 2:15 ` Brian Gerst
2018-01-04 2:32 ` Alan Cox
2018-01-04 2:00 ` [PATCH v2 02/12] x86/retpoline/crypto: Convert crypto assembler indirect jumps Andi Kleen
2018-01-04 2:00 ` [PATCH v2 03/12] x86/retpoline/entry: Convert entry " Andi Kleen
2018-01-04 8:42 ` David Woodhouse
2018-01-04 2:00 ` [PATCH v2 04/12] x86/retpoline/ftrace: Convert ftrace " Andi Kleen
2018-01-04 2:00 ` [PATCH v2 05/12] x86/retpoline/hyperv: Convert " Andi Kleen
2018-01-04 2:00 ` [PATCH v2 06/12] x86/retpoline/crypto: Convert xen " Andi Kleen
2018-01-04 6:48 ` Juergen Gross
2018-01-04 6:50 ` Andi Kleen
2018-01-04 2:00 ` [PATCH v2 07/12] x86/retpoline/checksum32: Convert " Andi Kleen
2018-01-04 2:00 ` [PATCH v2 08/12] x86/retpoline/irq32: " Andi Kleen
2018-01-04 2:00 ` [PATCH v2 09/12] x86/retpoline: Finally enable retpoline for C code Andi Kleen
2018-01-04 2:00 ` [PATCH v2 10/12] retpoline/taint: Taint kernel for missing retpoline in compiler Andi Kleen
2018-01-04 2:00 ` [PATCH v2 11/12] retpoline/objtool: Disable some objtool warnings Andi Kleen
2018-01-04 14:38 ` Josh Poimboeuf
2018-01-04 14:46 ` David Woodhouse
2018-01-04 15:59 ` Andi Kleen
2018-01-04 16:06 ` Josh Poimboeuf
2018-01-04 16:13 ` Andi Kleen
2018-01-04 16:32 ` Josh Poimboeuf
2018-01-04 17:35 ` Josh Poimboeuf
2018-01-04 2:00 ` [PATCH v2 12/12] retpoline: Attempt to quiten objtool warning for unreachable code Andi Kleen
2018-01-04 11:49 ` Pavel Machek [this message]
2018-01-04 12:09 ` Avoid speculative indirect calls in kernel Alan Cox
2018-01-04 13:32 ` Pavel Machek
-- strict thread matches above, loose matches on Subject: below --
2018-02-23 21:10 Ywe Cærlyn
2018-01-12 8:20 Dr. Greg Wettstein
2018-01-03 23:09 Andi Kleen
2018-01-03 23:51 ` Linus Torvalds
2018-01-04 0:00 ` Alan Cox
2018-01-04 0:09 ` Andi Kleen
2018-01-04 0:12 ` Thomas Gleixner
2018-01-04 0:15 ` Andi Kleen
2018-01-04 0:19 ` Jiri Kosina
2018-01-05 2:01 ` james harvey
2018-01-05 10:40 ` Woodhouse, David
2018-01-05 12:29 ` james harvey
2018-01-05 12:06 ` Alan Cox
2018-01-04 0:29 ` Alan Cox
2018-01-04 0:31 ` Thomas Gleixner
2018-01-04 0:38 ` Alan Cox
2018-01-04 0:40 ` Andi Kleen
2018-01-04 8:15 ` Woodhouse, David
2018-01-04 15:53 ` Andi Kleen
2018-01-04 15:55 ` Woodhouse, David
2018-01-04 0:20 ` Linus Torvalds
2018-01-04 0:26 ` Thomas Gleixner
2018-01-04 0:18 ` David Lang
2018-01-04 1:00 ` Paul Turner
2018-01-04 1:41 ` Paolo Bonzini
2018-01-04 1:59 ` Alan Cox
2018-01-04 2:11 ` Paolo Bonzini
2018-01-04 8:20 ` Woodhouse, David
2018-01-04 11:42 ` Pavel Machek
2018-01-04 11:47 ` Woodhouse, David
2018-01-04 14:20 ` Paolo Bonzini
2018-01-04 14:51 ` Andrew Cooper
2018-01-04 15:29 ` Woodhouse, David
2018-01-04 15:32 ` Paolo Bonzini
2018-01-04 15:37 ` Andrew Cooper
2018-01-04 16:15 ` David Woodhouse
2018-01-04 20:00 ` Tom Lendacky
2018-01-04 20:05 ` David Woodhouse
2018-01-04 23:47 ` Tom Lendacky
2018-01-05 0:06 ` Andrew Cooper
2018-01-05 0:26 ` Tom Lendacky
2018-01-04 16:52 ` Andrea Arcangeli
2018-01-04 15:32 ` Paolo Bonzini
2018-01-04 16:25 ` Andrea Arcangeli
2018-01-04 17:04 ` Alan Cox
2018-01-04 17:40 ` Andrea Arcangeli
2018-01-04 17:13 ` Dave Hansen
2018-01-04 17:15 ` Paolo Bonzini
2018-01-04 18:05 ` Andrea Arcangeli
2018-01-04 14:55 ` Woodhouse, David
2018-01-04 18:24 ` Pavel Machek
2018-01-04 19:57 ` Jon Masters
2018-01-05 0:41 ` Jon Masters
2018-01-05 0:54 ` Thomas Gleixner
2018-01-05 4:11 ` Jon Masters
2018-01-05 9:59 ` Thomas Gleixner
2018-01-08 10:28 ` Andrea Arcangeli
2018-01-08 20:53 ` Thomas Gleixner
2018-01-08 21:32 ` Andrea Arcangeli
2018-01-10 0:45 ` Thomas Gleixner
2018-01-10 1:11 ` Dave Hansen
2018-01-10 16:02 ` Thomas Gleixner
2018-01-05 6:49 ` Willy Tarreau
2018-01-05 6:57 ` Dave Hansen
2018-01-05 7:13 ` Willy Tarreau
2018-01-07 14:14 ` Borislav Petkov
2018-01-07 17:21 ` David Lang
2018-01-07 18:49 ` Borislav Petkov
2018-01-07 17:44 ` Willy Tarreau
2018-01-07 18:55 ` Borislav Petkov
2018-01-07 22:10 ` Willy Tarreau
2018-01-08 9:18 ` Thomas Gleixner
2018-01-08 9:29 ` Willy Tarreau
2018-01-08 16:22 ` Borislav Petkov
2018-01-08 16:53 ` Willy Tarreau
2018-01-05 12:12 ` Alan Cox
2018-01-09 1:44 ` Samir Bellabes
[not found] ` <CAL9bgJ8XNJgCtxR6+M+Vm9eDBVZ4Dyi_-Lt-Q1ei9N=TE2c6cg@mail.gmail.com>
2018-01-07 5:04 ` Fwd: " Kiernan Hager
2018-01-07 14:01 ` Alan Cox
2018-01-07 17:47 ` Willy Tarreau
2018-01-07 18:01 ` Ivan Ivanov
2018-01-07 18:16 ` Woodhouse, David
2018-01-04 11:26 ` Pavel Machek
2018-01-04 11:54 ` Alan Cox
2018-01-04 18:33 ` Linus Torvalds
2018-01-04 20:08 ` Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180104114917.GC1702@amd \
--to=pavel@ucw.cz \
--cc=andi@firstfloor.org \
--cc=gregkh@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).