Re: [PATCH v6 00/10] Retpoline: Avoid speculative indirect calls in kernel

From: Alexei Starovoitov
Date: Mon Jan 08 2018 - 11:13:22 EST


On Mon, Jan 08, 2018 at 02:42:13AM -0800, Paul Turner wrote:
>
> kernel->kernel independent of SMEP:
> While much harder to coordinate, facilities such as eBPF potentially
> allow exploitable return targets to be created.
> Generally speaking (particularly if eBPF has been disabled) the risk
> is _much_ lower here, since we can only return into kernel execution
> that was already occurring on another thread (which could e.g. likely
> be attacked there directly independent of RSB poisoning.)

We can remove the BPF interpreter without losing features:
https://patchwork.ozlabs.org/patch/856694/
Ironically, the JIT is more secure than the interpreter.