From: Borislav Petkov <bp@alien8.de>
To: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
Date: Fri, 29 Jul 2022 20:22:36 +0200 [thread overview]
Message-ID: <YuQlbFSBC6U/yGeL@zn.tnic> (raw)
In-Reply-To: <YuLBBe2BXrC7CNiu@quatroqueijos>
On Thu, Jul 28, 2022 at 02:01:57PM -0300, Thadeu Lima de Souza Cascardo wrote:
> I may be completely wrong here, so excuse me throwing out this idea.
>
> But isn't it also possible that userspace attacks the kernel by leveraging
> speculative execution when in firmware? So even when firmware is trusted, it
> might not have mitigations like retpoline and rethunks. So userspace will train
> the BTB in order to make a RET in the firmware speculate to a firmware gadget
> that may spill out kernel bits to the cache.
>
> Even though there is some limited mapping when doing the firmware calls, there
> are still some kernel pages mapped.
Yah, I dunno. That's why I raised this and added Andy. I certainly see
your point tho.
And what I know is, I don't want to be dealing with imaginary virt guest
configurations just because some cloud providers wanna do whatever they
like.
I've put this mitigation selection spaghetti on my to-give-a-stern-look
list. Because it is looking insane already and it'll get even worse with
time.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next prev parent reply other threads:[~2022-07-29 18:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-28 12:26 [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Thadeu Lima de Souza Cascardo
2022-07-28 12:35 ` Borislav Petkov
2022-07-28 12:39 ` Thadeu Lima de Souza Cascardo
2022-07-28 14:33 ` Dimitri John Ledkov
2022-07-28 15:18 ` Borislav Petkov
2022-07-28 15:50 ` Borislav Petkov
2022-07-28 17:01 ` Thadeu Lima de Souza Cascardo
2022-07-29 18:22 ` Borislav Petkov [this message]
2022-07-28 15:16 ` Peter Zijlstra
2022-07-29 8:11 ` [tip: x86/urgent] " tip-bot2 for Thadeu Lima de Souza Cascardo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YuQlbFSBC6U/yGeL@zn.tnic \
--to=bp@alien8.de \
--cc=andrew.cooper3@citrix.com \
--cc=cascardo@canonical.com \
--cc=dimitri.ledkov@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox