Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751262AbeACXvh (ORCPT + 1 other); Wed, 3 Jan 2018 18:51:37 -0500 Received: from mail-it0-f50.google.com ([209.85.214.50]:44958 "EHLO mail-it0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750979AbeACXvg (ORCPT ); Wed, 3 Jan 2018 18:51:36 -0500 X-Google-Smtp-Source: ACJfBot3njeilAItFzJjluOFqb4hBX0vhENJp6w6qOfpwmiAk1RdF32I0ZvxrA8jlikNIUMoB52hx2/MaKjntc1Z3Fc= MIME-Version: 1.0 In-Reply-To: <20180103230934.15788-1-andi@firstfloor.org> References: <20180103230934.15788-1-andi@firstfloor.org> From: Linus Torvalds Date: Wed, 3 Jan 2018 15:51:35 -0800 X-Google-Sender-Auth: Gy_woz3H8smLejoVoHqmymyGhzM Message-ID: Subject: Re: Avoid speculative indirect calls in kernel To: Andi Kleen Cc: tglx@linuxtronix.de, Greg Kroah-Hartman , dwmw@amazon.co.uk, Tim Chen , Linux Kernel Mailing List , Dave Hansen Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen wrote: > This is a fix for Variant 2 in > https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html > > Any speculative indirect calls in the kernel can be tricked > to execute any kernel code, which may allow side channel > attacks that can leak arbitrary kernel data. Why is this all done without any configuration options? A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL. I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed. .. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind. Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"? Because if that's the case, maybe we should start looking towards the ARM64 people more. Please talk to management. Because I really see exactly two possibibilities: - Intel never intends to fix anything OR - these workarounds should have a way to disable them. Which of the two is it? Linus