Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2466653rwb; Mon, 7 Nov 2022 13:42:51 -0800 (PST) X-Google-Smtp-Source: AMsMyM6uRllwpa/fMEOEyaLDe+Lmo03d4PjNvpcSXCwBkG6PfsKzKyEpWgH11KgjUnp0yZcgoE2n X-Received: by 2002:a63:2b90:0:b0:45b:f967:58a6 with SMTP id r138-20020a632b90000000b0045bf96758a6mr46304485pgr.313.1667857370894; Mon, 07 Nov 2022 13:42:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667857370; cv=none; d=google.com; s=arc-20160816; b=sSkfebjgqvixAnkRPMXFb4j0Rh3gWHQ1n5RZhSuWiFy4MZmHOtE8sbGwhA+dLvY4zW m40DvDXaL117Y/FUCcz05Efu7ZcMbEC63stApjrb8Y5pw5bzfUBvjmhusZBXhtxakF6o fmyahQ15ebgD/WsCywpn1Uk76DEjDZoc1e0H2kOSmg/3Hol1B4p5HGtgqtb13gShtQw3 uMGjw2JRl0pxslfSyaex1xmAGOy3mc2tByV5Q3tSKYYoBH4q47Cg4tJfvwr8Ac/Z48mw 6TKv6aJHm37ZMF4OEXLk0NoJLT0tWCIVdgoHkzOGPnYJPoTC17AQCXmAZZxw7thaSrwK OCLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wmFwxcevlD4i/ab8Reo6w/4z7MiuO85AuDqpGpbqhYU=; b=dfohq3PqDdNLyoB4j/vY+Dl2eki4NI3GuyWMNmJ5LAiPQRgItMF6Mt2LunkH0fOVKK YfeDfuLH04xuhPt6bAIMPKmOzq8IBRW7tr9XW/ZZrDwAkaQyqfde2hjlpYwaLhuFx6XM nBQddohtVa+YSVY8Ak2gh1jbaKrsAc/d51brlQv33waiejO5AOXGERi2PurHO7CuZDa0 dboRmogLtsL4XhpvG2IK+rGCV57ikae9Vw6r5+51uHuqzLCqppP60d4xjUuo/5EfUkHO 3ejmeVxpxA9Wkq1Dvi7/bucaSNdOXGeQq73tvzz4gXoU54v46IxAdOWvwRqwMhWdqaxD HeoA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=XAIeExdH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u15-20020a63d34f000000b0046f729604f6si11687574pgi.174.2022.11.07.13.42.38; Mon, 07 Nov 2022 13:42:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=XAIeExdH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232940AbiKGUiv (ORCPT + 92 others); Mon, 7 Nov 2022 15:38:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232943AbiKGUit (ORCPT ); Mon, 7 Nov 2022 15:38:49 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A5DB29C8C for ; Mon, 7 Nov 2022 12:38:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E846AB81619 for ; Mon, 7 Nov 2022 20:38:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 143AEC433D6; Mon, 7 Nov 2022 20:38:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667853524; bh=2CPeClRuc5C9p5rm4iumA7wQInldkQ1fN+K3/RZZesM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XAIeExdHegxfdgJSayGo6D/Q+PPibAbSVVQuB7DO5w4yz0/Ieds2NQtsSUhqA9cHD yhy3jU8YxYU65hSo79MF75cMQgW3tsMVbI/biqZLPWyUvWA8lSTAjKbx++1gNk9QOR 7y4EaXlBiFa8LU/VsulpFus6kPlVM1vzE5wDrleFkYlvXU8BVuKwwEUB+qaIgdE7I2 YvKKR1jWZnfEnoVYNAPXezR+TOXlC/s8y69s9BulCTnP+PQPdLUy2J1IbElLmaZCz5 7hQfSEUOdnfQqapvYpSHutpsLvooOu7mEBgkW3u0RXqIUZDIQm0pAMrlVbG9DCwnQT Ws7apDDtTG5mw== Date: Mon, 7 Nov 2022 12:38:42 -0800 From: Eric Biggers To: Ard Biesheuvel Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Marc Zyngier , "Jason A . Donenfeld" , Kees Cook , Suzuki K Poulose , Adam Langley Subject: Re: [PATCH v2] arm64: Enable data independent timing (DIT) in the kernel Message-ID: References: <20221107172400.1851434-1-ardb@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221107172400.1851434-1-ardb@kernel.org> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 07, 2022 at 06:24:00PM +0100, Ard Biesheuvel wrote: [...] > > Currently, we have no idea whether or not running privileged code with > DIT disabled on a CPU that implements support for it may result in a > side channel that exposes privileged data to unprivileged user space > processes, so let's be cautious and just enable DIT while running in the > kernel if supported by all CPUs. [...] > > - tweak the commit log so that it doesn't read as if we are fixing an > actual vulnerability I think the above undersells this a bit, as crypto code often relies on instructions being constant-time to prevent leakage of secrets outside the system itself. For example, consider WireGuard, which includes network attackers in its threat model. So it's not just about attacks from userspace processes on the same system. The patch itself looks good to me though -- thanks! - Eric