From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 22 Feb 2019 00:46:57 -0000 Received: from smtp.ctxuk.citrix.com ([185.25.65.24] helo=SMTP.EU.CITRIX.COM) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gwyzP-0000GI-Nl for speck@linutronix.de; Fri, 22 Feb 2019 01:46:56 +0100 Subject: [MODERATED] Re: [patch V3 5/9] MDS basics 5 References: <20190221234431.922117624@linutronix.de> <20190221235534.821554289@linutronix.de> From: Andrew Cooper Message-ID: <7e028ea7-dcc7-e931-a888-df60f69a348c@citrix.com> Date: Fri, 22 Feb 2019 00:46:46 +0000 MIME-Version: 1.0 In-Reply-To: <20190221235534.821554289@linutronix.de> Content-Type: multipart/mixed; boundary="3qsLoCuqFpB9LSYhJQ47dpYuPheE0pH2s"; protected-headers="v1" To: speck@linutronix.de List-ID: --3qsLoCuqFpB9LSYhJQ47dpYuPheE0pH2s Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-GB On 21/02/2019 23:44, speck for Thomas Gleixner wrote: > + There is one non maskable exception which returns through paranoid = exit > + and is not mitigated: #DF. If user space is able to trigger a doubl= e > + fault the possible MDS leakage is the least problem to worry about.= What about espfix64?=C2=A0 An IRET fault from that ends up at #DF, and purposefully recovers.=C2=A0 It is trigger-able from at least modify_ldt(= ). The #DF path is normally fatal, but in the cases that it's not, an extra VERW isn't going to be the slow part. ~Andrew --3qsLoCuqFpB9LSYhJQ47dpYuPheE0pH2s--