Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available

From: Borislav Petkov
Date: Fri Jul 29 2022 - 14:22:54 EST


On Thu, Jul 28, 2022 at 02:01:57PM -0300, Thadeu Lima de Souza Cascardo wrote:
> I may be completely wrong here, so excuse me throwing out this idea.
>
> But isn't it also possible that userspace attacks the kernel by leveraging
> speculative execution when in firmware? So even when firmware is trusted, it
> might not have mitigations like retpoline and rethunks. So userspace will train
> the BTB in order to make a RET in the firmware speculate to a firmware gadget
> that may spill out kernel bits to the cache.
>
> Even though there is some limited mapping when doing the firmware calls, there
> are still some kernel pages mapped.

Yah, I dunno. That's why I raised this and added Andy. I certainly see
your point tho.

And what I know is, I don't want to be dealing with imaginary virt guest
configurations just because some cloud providers wanna do whatever they
like.

I've put this mitigation selection spaghetti on my to-give-a-stern-look
list. Because it is looking insane already and it'll get even worse with
time.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette