Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch

From: Andi Kleen
Date: Mon Jan 08 2018 - 19:44:31 EST


> So I was really hoping that in places like context switching etc, we'd
> be able to instead effectively kill off any exploits by clearing
> registers.
>
> That should make it pretty damn hard to then find a matching "gadget"
> that actually does anything interesting/powerful.
>
> Together with Spectre already being pretty hard to take advantage of,
> and the eBPF people making those user-provided gadgets inaccessible,
> it really should be a pretty powerful fix.
>
> Hmm?

Essentially the RSB are hidden registers, and the only way to clear them
is the FILL_RETURN_BUFFER sequence. I don't see how clearing anything else
would help?

-Andi