Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752864AbeAGKJB (ORCPT + 1 other); Sun, 7 Jan 2018 05:09:01 -0500 Received: from Galois.linutronix.de ([146.0.238.70]:47240 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752385AbeAGKI6 (ORCPT ); Sun, 7 Jan 2018 05:08:58 -0500 Date: Sun, 7 Jan 2018 11:08:24 +0100 (CET) From: Thomas Gleixner To: Alexei Starovoitov cc: Alan Cox , Linus Torvalds , Dan Williams , linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Andi Kleen , Arnd Bergmann , Greg Kroah-Hartman , Peter Zijlstra , netdev@vger.kernel.org, Ingo Molnar , "H. Peter Anvin" Subject: Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok In-Reply-To: <20180107033812.awq3vz4gdkps7tix@ast-mbp> Message-ID: References: <20180106123242.77f4d860@alans-desktop> <20180106181331.mmrqwwbu2jcjj2si@ast-mbp> <20180106183859.1ad9ae37@alans-desktop> <20180106185134.dzn2en4vw2hj3p6h@ast-mbp> <20180106195551.3207f75d@alans-desktop> <20180106200912.zhzdt4qmfrojeeqe@ast-mbp> <20180106202213.23e553fb@alans-desktop> <20180106211729.cp5oet3at3hyce4o@ast-mbp> <20180106230507.3547c9a0@alans-desktop> <20180107033812.awq3vz4gdkps7tix@ast-mbp> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Sat, 6 Jan 2018, Alexei Starovoitov wrote: > which clearly states that bpf_tail_call() was used in the attack. > Yet none of the intel nor arm patches address speculation in > this bpf helper! > It means that: > - gpz didn't share neither exploit nor the detailed description > of the POC with cpu vendors until now > - coverity rules used to find all these places in the kernel > failed to find bpf_tail_call > - cpu vendors were speculating what variant 1 can actually do You forgot to mention that there might be other attacks than the public POC which are not covered by a simple AND .... Thanks, tglx