Re: Avoid speculative indirect calls in kernel

From: Woodhouse, David
Date: Thu Jan 04 2018 - 10:56:41 EST


On Thu, 2018-01-04 at 07:53 -0800, Andi Kleen wrote:
>
> I remove that because what you're testing for doesn't exist in the
> tree yet.
>
> Yes it can be added later.
>
> Right now we just want a basic static version to work reliably.

But it doesn't. You can't protect VMs from each other, or userspace
processes from each other, without IBPB. And you really ought to be
setting IBRS before calling any runtime firmware APIs too.

So we really do need to add the microcode support on top right away,
even if we refactor the series to put retpoline first.
