Re: Wake-up from suspend to RAM broken under `retbleed=stuff`

From: Andrew Cooper
Date: Wed Jan 11 2023 - 17:08:12 EST


On 11/01/2023 11:45 am, Jan Beulich wrote:
> On 11.01.2023 12:39, Andrew Cooper wrote:
>> The bigger issue with stuff accounting is that nothing AFAICT accounts
>> for the fact that any hypercall potentially empties the RSB in otherwise
>> synchronous program flow.
> But that's not just at hypercall boundaries, but effectively anywhere
> (i.e. whenever the hypervisor decides to de-schedule the vCPU)?

Correct, but it's only the RET instructions that reliably underflow the
RSB which can be usefully attacked.

The %rip at which Xen decides to de-schedule a vCPU is random from the
point of view of an attacker.

~Andrew
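To make the accounting problem in the exchange above concrete, here is a toy simulation, added to this page and not code from the thread, from Xen or from Linux. It models a 16-entry RSB next to the kind of software call-depth counter that retbleed=stuff relies on, and shows that the counter stays in step with the hardware as long as only the guest's own CALL/RET stream touches the RSB, but goes wrong as soon as a hypercall hands back an emptied RSB that the guest's counter knows nothing about. The RSB size, the "stuff when the counter reaches zero" rule, the return addresses and the STUFF_TARGET value are all simplifying assumptions chosen for the model.

```python
"""Toy model: hardware RSB vs. software call-depth accounting (retbleed=stuff).

Constructed example.  The 16-entry RSB, the stuffing rule and all addresses
are assumptions made for illustration, not the behaviour of any real CPU.
"""
from dataclasses import dataclass, field
from typing import List, Optional

RSB_ENTRIES = 16       # assumed hardware RSB depth
STUFF_TARGET = 0xDEAD  # assumed harmless target used for stuffing entries


@dataclass
class Cpu:
    rsb: List[int] = field(default_factory=list)  # hardware RSB, newest last
    depth: int = 0        # software counter: how many entries it *thinks* remain
    underflows: int = 0   # RETs whose prediction did not come from the RSB
    predictions: List[Optional[int]] = field(default_factory=list)

    def call(self, ret_addr: int) -> None:
        """CALL pushes a return address; the oldest entry is lost on overflow."""
        self.rsb.append(ret_addr)
        if len(self.rsb) > RSB_ENTRIES:
            del self.rsb[0]
        self.depth = min(self.depth + 1, RSB_ENTRIES)

    def stuff(self) -> None:
        """Refill the RSB with harmless entries and resynchronise the counter."""
        for _ in range(RSB_ENTRIES):
            self.call(STUFF_TARGET)
        self.depth = RSB_ENTRIES

    def hypercall(self) -> None:
        """The hypervisor runs its own CALL/RET stream and hands back an RSB
        it has emptied; the guest's depth counter is not told about it."""
        self.rsb.clear()

    def ret(self) -> Optional[int]:
        """RET: stuff if the accounting says the RSB is about to run dry, then
        consume one prediction.  An empty RSB means the prediction comes from
        elsewhere (the BTB); those are the RETs the thread calls attackable."""
        if self.depth <= 0:
            self.stuff()
        self.depth -= 1
        if not self.rsb:
            self.underflows += 1
            self.predictions.append(None)
            return None
        target = self.rsb.pop()
        self.predictions.append(target)
        return target


def accounting_consistent(cpu: Cpu) -> bool:
    """True when the software counter matches what the RSB really holds."""
    return cpu.depth == len(cpu.rsb)


def run(calls: int, rets: int, hypercall: bool,
        stuff_after_hypercall: bool = False) -> Cpu:
    """Execute `calls` CALLs, optionally a hypercall, then `rets` RETs.

    stuff_after_hypercall models what the accounting would have to do to
    stay correct: treat the hypercall as having drained the RSB.
    """
    cpu = Cpu()
    for i in range(calls):
        cpu.call(0x1000 + i)           # assumed guest return addresses
    if hypercall:
        cpu.hypercall()
        if stuff_after_hypercall:
            cpu.stuff()
    for _ in range(rets):
        cpu.ret()
    return cpu


if __name__ == "__main__":
    print("guest only, 8 calls / 8 rets :", run(8, 8, False).underflows, "underflows")
    print("guest only, 4 calls / 8 rets :", run(4, 8, False).underflows, "underflows")
    print("hypercall between, no refill  :", run(8, 8, True).underflows, "underflows")
    print("hypercall then stuff          :",
          run(8, 8, True, stuff_after_hypercall=True).underflows, "underflows")
```

With no hypervisor involvement the counter and the RSB agree, so even a RET stream longer than the CALL stream never underflows (the counter triggers stuffing first). After a hypercall the RSB is empty while the counter still reads 8, so the next eight RETs all underflow with the counter none the wiser; only an explicit refill at the hypercall boundary restores the invariant.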