From: Will Deacon <will.deacon@arm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Alexei Starovoitov <ast@fb.com>,
"David S . Miller" <davem@davemloft.net>,
Daniel Borkmann <daniel@iogearbox.net>,
Jann Horn <jannh@google.com>,
Dan Williams <dan.j.williams@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Elena Reshetova <elena.reshetova@intel.com>,
Alan Cox <alan@linux.intel.com>,
Network Development <netdev@vger.kernel.org>,
kernel-team <kernel-team@fb.com>
Subject: Re: [PATCH bpf] bpf: prevent out-of-bounds speculation
Date: Wed, 10 Jan 2018 19:47:33 +0000 [thread overview]
Message-ID: <20180110194733.GO9723@arm.com> (raw)
In-Reply-To: <20180109102129.GG4297@arm.com>
Hi again Linus, Alexei,
On Tue, Jan 09, 2018 at 10:21:29AM +0000, Will Deacon wrote:
> On Mon, Jan 08, 2018 at 10:49:01AM -0800, Linus Torvalds wrote:
> > In this particular case, we should be very much aware of future CPU's
> > being more _constrained_, because CPU vendors had better start taking
> > this thing into account.
> >
> > So the masking approach is FUNDAMENTALLY SAFER than the "let's try to
> > limit control speculation".
> >
> > If somebody can point to a CPU that actually speculates across an
> > address masking operation, I will be very surprised. And unless you
> > can point to that, then stop trying to dismiss the masking approach.
>
> Whilst I agree with your comments about future CPUs, this stuff is further
> out of academia than you might think. We're definitely erring on the
> belt-and-braces side of things at the moment, so let me go check what's
> *actually* been built and I suspect we'll be able to make the masking work.
>
> Stay tuned...
I can happily confirm that there aren't any (ARM architecture) CPUs where
the masking approach is not sufficient, so there's no need to worry about
value speculation breaking this.
Will
next prev parent reply other threads:[~2018-01-10 19:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20180105042811.1590965-1-ast@fb.com>
2018-01-05 17:53 ` [PATCH bpf] bpf: prevent out-of-bounds speculation Mark Rutland
2018-01-08 17:05 ` Mark Rutland
2018-01-08 18:49 ` Linus Torvalds
2018-01-09 10:21 ` Will Deacon
2018-01-10 19:47 ` Will Deacon [this message]
2018-01-10 22:29 ` Alexei Starovoitov
2018-02-05 15:38 ` Will Deacon
2018-01-09 15:04 ` Mark Rutland
2018-01-17 14:47 ` Alan Cox
2018-01-08 23:20 ` Alexei Starovoitov
[not found] <20180105042242.1569490-1-ast@kernel.org>
2018-01-17 13:56 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110194733.GO9723@arm.com \
--to=will.deacon@arm.com \
--cc=alan@linux.intel.com \
--cc=ast@fb.com \
--cc=dan.j.williams@intel.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=elena.reshetova@intel.com \
--cc=jannh@google.com \
--cc=kernel-team@fb.com \
--cc=mark.rutland@arm.com \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).