Hi Linus,

On Wed, Jan 03, 2018 at 03:51:35PM -0800, Linus Torvalds wrote:
> On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <a...@firstfloor.org> wrote:
> > This is a fix for Variant 2 in
> > https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
> >
> > Any speculative indirect calls in the kernel can be tricked
> > to execute any kernel code, which may allow side channel
> > attacks that can leak arbitrary kernel data.
>
> Why is this all done without any configuration options?

I was thinking of a config option, but I was struggling with a name.

CONFIG_INSECURE_KERNEL, CONFIG_LEAK_MEMORY?

And should it be positive or negative?

So I opted to be secure unconditionally.

It would be simple to add, however; all hooks are either in the Makefile
or in asm/jump-asm.h

> - these workarounds should have a way to disable them.
>

There will soon be patches to add other ways, and they
have a way to patch out most of the retpoline overhead at runtime
(basically replace the trampoline with a pure ret).

We just wanted to get the retpoline code out first because
it's the most basic and most widely applicable fix.

-Andi