Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok
From: David Miller
Date: Sun Jan 07 2018 - 21:23:55 EST
From: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Date: Sun, 7 Jan 2018 21:56:39 +0100 (CET)
> I surely agree, but we have gone the way of PTI without the ability of
> exempting individual processes exactly for one reason:
>
> Lack of time
>
> It can be done on top of the PTI implementation and it won't take ages.
>
> For spectre_v1/2 we face the same problem simply because we got informed so
> much ahead of time and we were all twiddling thumbs, enjoying our christmas
> vacation and having a good time.
I just want to point out that this should be noted in history as a
case where all of this controlled disclosure stuff seems to have made
things worse rather than better.
Why is there so much haste and paranoia if supposedly some group of
people had all this extra time to think about and deal with this bug?
>From what I've seen, every single time, the worse a problem is, the
more important it is to expose it to as many smart folks as possible.
And to do so as fast as possible.
And to me that means full disclosure immediately for the super high
level stuff like what we are dealing with here.
Think I'm nuts? Ok, then how did we fare any better by keeping this
junk under wraps for weeks if not months? (seriously, did responsible
people really know about this as far back as... June 2017?)
Controlled disclosure for high propfile bugs seems to only achieve two
things:
1) Vendors can cover their butts and come up with deflection
strategies.
2) The "theatre" aspect of security can be maximized as much as
possible. We even have a pretty web site and cute avatars this
time!
None of this has anything to do with having time to come up with the
best possible implementation of a fix. You know, the technical part?
So after what appears to be as much as 6 months of deliberating the
very wise men in the special room said: "KPTI and lfence"
Do I get this right?