Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

On Mon, Jan 15, 2018 at 6:42 AM, Arjan van de Ven wrote: >> >> This would means that userspace would see return predictions based >> on the values the kernel 'stuffed' into the RSB to fill it. >> >> Potentially this leaks a kernel address to userspace. > > > KASLR pretty much died in May this year

Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

This would means that userspace would see return predictions based on the values the kernel 'stuffed' into the RSB to fill it. Potentially this leaks a kernel address to userspace. KASLR pretty much died in May this year to be honest with the KAISER paper (if not before then) also with KPTI

Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

On Mon, 2018-01-15 at 14:35 +, David Laight wrote: > From: David Woodhouse > > > > Sent: 14 January 2018 17:04 > > x86/retpoline: Fill RSB on context switch for affected CPUs > > > > On context switch from a shallow call stack to a deeper one, as the CPU > > does 'ret' up the deeper side it m

RE: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

From: David Woodhouse > Sent: 14 January 2018 17:04 > x86/retpoline: Fill RSB on context switch for affected CPUs > > On context switch from a shallow call stack to a deeper one, as the CPU > does 'ret' up the deeper side it may encounter RSB entries (predictions for > where the 'ret' goes to) whi

Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

On Sun, 2018-01-14 at 16:05 -0800, Andi Kleen wrote: > > + if ((!boot_cpu_has(X86_FEATURE_PTI) && > > +  !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { > > + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > > + pr_info("Filling RSB on context switch\n"); >

Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

On Sun, Jan 14, 2018 at 04:05:54PM -0800, Andi Kleen wrote: > > + if ((!boot_cpu_has(X86_FEATURE_PTI) && > > +!boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { > > + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > > + pr_info("Filling RSB on context switch\n"); > >

Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

> + if ((!boot_cpu_has(X86_FEATURE_PTI) && > + !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { > + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > + pr_info("Filling RSB on context switch\n"); > + } Missing an option to turn this off. -Andi

[tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

Commit-ID: c995efd5a740d9cbafbf58bde4973e8b50b4d761 Gitweb: https://git.kernel.org/tip/c995efd5a740d9cbafbf58bde4973e8b50b4d761 Author: David Woodhouse AuthorDate: Fri, 12 Jan 2018 17:49:25 + Committer: Thomas Gleixner CommitDate: Mon, 15 Jan 2018 00:32:44 +0100 x86/retpoline: Fill

[tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs

Commit-ID: a0ab15c0fb68e202bebd9b17fa49fd7ec48975b3 Gitweb: https://git.kernel.org/tip/a0ab15c0fb68e202bebd9b17fa49fd7ec48975b3 Author: David Woodhouse AuthorDate: Fri, 12 Jan 2018 17:49:25 + Committer: Thomas Gleixner CommitDate: Sun, 14 Jan 2018 16:41:39 +0100 x86/retpoline: Fill