Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch
From: Andrew Cooper
Date: Mon Jan 08 2018 - 20:16:50 EST
On 09/01/2018 00:58, Linus Torvalds wrote:
> On Mon, Jan 8, 2018 at 4:44 PM, Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
>> Essentially the RSB are hidden registers, and the only way to clear them
>> is the FILL_RETURN_BUFFER sequence. I don't see how clearing anything else
>> would help?
> Forget theory. Look at practice.
>
> Let's just assume that the attacker can write arbitrarily to the RSB
> state. Just accept it.
>
> If you accept that, then you turn the question instead into: are there
> things we can do to make that useless to an attacker.
>
> And there the point is that even if you control the RSB contents, you
> need to find something relevant to *put* in the RSB. You need to find
> the gadget that makes that control of the RSB useful.
This is where the problem lies. An attacker with arbitrary control of
the RSB can redirect speculation arbitrarily. (And I agree, this is a
good default assumption to take).

If SMEP is not active, speculation can go anywhere, including to a user
controlled gadget which can reload any registers it needs, including
with immediate constants.

If SMEP is active, the attacker's control of speculation is restricted to
supervisor executable mappings.

The real question is whether it is worth special-casing the SMEP-active
case given that for the SMEP-inactive case, your only viable option is
to refill the RSB and discard any potentially poisoned mappings.
~Andrew
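The mitigation both sides of the thread take for granted is the RSB refill: execute a run of CALLs whose return addresses point at a speculation trap, then discard the architectural stack growth, so every RSB slot holds a harmless target instead of a possibly poisoned one. The block below is an added, user-space illustration of that FILL_RETURN_BUFFER sequence; it is not code from this thread or from the kernel patch series. It assumes an x86-64 SysV target, an RSB depth of 32 entries (the depth the kernel sequence stuffs), and steps below the 128-byte red zone first so the pushes cannot clobber the compiler's own locals; on other architectures it compiles to a no-op that returns 0.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed RSB depth: 32 entries, matching the kernel's stuffing count. */
#define RSB_ENTRIES 32

/*
 * Overwrite every RSB entry with the address of a local speculation trap.
 * Each CALL pushes a return address onto the RSB (and the real stack);
 * the trap after it (pause; lfence; jmp back) is never reached
 * architecturally, so any speculative RET that consumes the entry
 * simply spins harmlessly until the misprediction resolves.
 * Returns the number of entries overwritten, or 0 on non-x86-64.
 */
int rsb_stuff(void)
{
#if defined(__x86_64__)
    __asm__ volatile(
        "lea -128(%%rsp), %%rsp\n\t"      /* skip the SysV red zone */
        "mov $16, %%ecx\n\t"              /* 16 iterations x 2 calls = 32 entries */
        "1:\n\t"
        "call 2f\n\t"                     /* RSB entry: return address = 3f */
        "3: pause\n\t"
        "lfence\n\t"
        "jmp 3b\n\t"                      /* speculation trap */
        "2: call 4f\n\t"                  /* RSB entry: return address = 5f */
        "5: pause\n\t"
        "lfence\n\t"
        "jmp 5b\n\t"                      /* speculation trap */
        "4: dec %%ecx\n\t"
        "jnz 1b\n\t"
        /* drop the 32 pushed return addresses (8 bytes each) and the red-zone skip */
        "lea 128+8*32(%%rsp), %%rsp\n\t"
        : : : "ecx", "memory", "cc");
    return RSB_ENTRIES;
#else
    return 0;
#endif
}

/*
 * Sanity check a practitioner wants before using a sequence like this:
 * the architectural stack must be exactly where it was afterwards,
 * otherwise the CALL/RSP bookkeeping is wrong. A volatile local acts as
 * a canary that would be trashed by a miscounted stack adjustment.
 */
int rsb_stuff_preserves_stack(void)
{
    volatile uint64_t canary = 0xdeadbeefcafef00dULL;  /* constructed sentinel */
    int n = rsb_stuff();
    return (canary == 0xdeadbeefcafef00dULL) && (n == RSB_ENTRIES || n == 0);
}

int main(void)
{
    int n = rsb_stuff();
    printf("RSB entries overwritten: %d (stack intact: %s)\n",
           n, rsb_stuff_preserves_stack() ? "yes" : "no");
    return 0;
}
```

The sequence is exactly the kind of thing Andrew's point turns on: it refills the RSB with known-safe targets, so it is useful regardless of whether SMEP limits where speculation can go, but it costs 32 CALLs per context switch and has to be placed wherever a poisoned RSB could otherwise be consumed.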