From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 26 Nov 2019 00:54:22 -0000
Received: from mga04.intel.com ([192.55.52.120]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iZP7V-0007vn-2R for speck@linutronix.de; Tue, 26 Nov 2019 01:54:21 +0100
Date: Mon, 25 Nov 2019 16:54:17 -0800
From: Andi Kleen
Subject: [MODERATED] Re: LVI
Message-ID: <20191126005417.GG84886@tassilo.jf.intel.com>
References: <20191119174008.7dbymix2eo4mrv57@treble>
MIME-Version: 1.0
In-Reply-To: <20191119174008.7dbymix2eo4mrv57@treble>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

Hi Folks,

We (well Tony, but he's currently on vacation) did a lot of analysis on LVI and we concluded the kernel does not need any new changes. That's why you didn't see any patches from Intel on this.

Longer story:

Assists are somewhat messy and can happen in many circumstances. However, most are rare and hard to trigger, so if you get them they're typically not usable for a high loop count practical side channel.

The main exception is the page A/D assist, which can be triggered in the kernel by *_user().

*_user is protected by STAC/CLAC already and those have strong enough semantics to stop an LVI attack outside the uaccess region. But of course there are CPUs (pre BDW) which don't have STAC/CLAC.

But to do anything with LVI you need a Spectre v1 style read gadget. Without a gadget the attack is not feasible. And those gadgets are usually Spectre v1 problems, so they would need to be fixed anyways. We already spent a lot of time looking for those in the past and fixing the few found. Tony did an additional full tree audit, and the only additional case found was in Infiniband. The patch for this has already been upstream for some time ("61f259821dd3306e49: IB/core: Add mitigation for Spectre V1").

So in summary, on modern CPUs (BDW+) STAC/CLAC mitigates LVIs, and on older CPUs the Spectre V1 mitigation.

The only real active (and messy) mitigation for LVI needed is when you're creating SGX enclaves, but I assume no one here is interested in that.

-Andi
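The mail's argument rests on LVI needing a "Spectre v1 style read gadget": an array access whose index comes from an untrusted source and is bounds-checked by a conditional branch that the CPU can mispredict. The following C program, added here as an illustration and not taken from the mail or from the IB/core commit it cites, shows what such a gadget looks like next to the branch-free index clamp that the kernel's Spectre V1 mitigations apply (the mask construction is the same one the generic Linux `array_index_mask_nospec()` uses; the table, the function names and the sample indices are constructed for this example).

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed lookup table standing in for a kernel-side array that is
 * indexed by a value read from userspace (for instance via a *_user()
 * copy).  Hypothetical example data, not from the cited patch. */
#define TABLE_SIZE 8
static const uint32_t table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Spectre v1 style read gadget.  Architecturally the bounds check is
 * correct, but the check is a conditional branch: while it is still
 * unresolved, a mispredicted path can execute the load with an
 * out-of-range idx, and the cache footprint of that load survives. */
uint32_t lookup_gadget(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise.
 *
 * If idx < size, both idx and (size - 1 - idx) have the top bit clear,
 * so ~(idx | ...) has it set and the arithmetic shift yields -1 (all
 * ones).  If idx >= size, (size - 1 - idx) wraps and sets the top bit,
 * so the shift yields 0.  Relies on arithmetic right shift of a signed
 * long, which gcc and clang provide (same assumption the kernel makes). */
static inline unsigned long index_mask_nospec(unsigned long idx,
                                              unsigned long size)
{
    return ~(long)(idx | (size - 1UL - idx)) >> (sizeof(long) * 8 - 1);
}

/* Clamp the index with the mask, without a data-dependent branch, so
 * that even a speculatively executed load stays inside the array:
 * an out-of-range idx becomes 0, which is always a valid slot. */
static inline unsigned long index_nospec(unsigned long idx,
                                         unsigned long size)
{
    return idx & index_mask_nospec(idx, size);
}

/* Hardened form: the architectural check stays (it still decides what
 * the caller gets back); the clamp confines the speculative path. */
uint32_t lookup_hardened(size_t idx)
{
    if (idx >= TABLE_SIZE)
        return 0;
    idx = index_nospec(idx, TABLE_SIZE);
    return table[idx];
}

int main(void)
{
    /* Constructed sample indices: in range, just past the end, and a
     * very large value such as a sign-extended -1 from userspace. */
    const size_t samples[] = {2, 7, 8, (size_t)-1};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t idx = samples[i];
        printf("idx=%zu mask=0x%lx clamped=%lu gadget=%u hardened=%u\n",
               idx,
               index_mask_nospec(idx, TABLE_SIZE),
               index_nospec(idx, TABLE_SIZE),
               (unsigned)lookup_gadget(idx),
               (unsigned)lookup_hardened(idx));
    }
    return 0;
}
```

Both lookups return the same architectural results; the difference is only in what the load can touch while the branch is unresolved, which is exactly the window a Spectre v1 gadget (and, per the mail, an LVI attack built on one) depends on. The clamp does not remove the speculative load, it only bounds its address, so the bounds check itself must remain in place.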