From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tim.c.chen@linux.intel.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 21 Feb
  2019 19:26:09 -0000
Received: from mga01.intel.com ([192.55.52.88])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <tim.c.chen@linux.intel.com>)
	id 1gwtyy-0001qk-DG
	for speck@linutronix.de; Thu, 21 Feb 2019 20:26:08 +0100
References: <20190220150753.665964899@linutronix.de>
 <20190220151400.306266355@linutronix.de>
 <20190220171009.GB127@mgross-MOBL.amr.corp.intel.com>
From: Tim Chen <tim.c.chen@linux.intel.com>
Message-ID: <a1fe2d60-ecfd-a017-2c6b-84cc2576fb93@linux.intel.com>
Date: Thu, 21 Feb 2019 11:26:05 -0800
MIME-Version: 1.0
In-Reply-To: <20190220171009.GB127@mgross-MOBL.amr.corp.intel.com>
Subject: [MODERATED] Encrypted Message
Content-Type: multipart/mixed; boundary="390syE1AevCDZ4SxLSmsglWfdOiMtWSUv"; protected-headers="v1"
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--390syE1AevCDZ4SxLSmsglWfdOiMtWSUv
Content-Type: text/rfc822-headers; protected-headers="v1"
Content-Disposition: inline

From: Tim Chen <tim.c.chen@linux.intel.com>
To: speck for mark gross <speck@linutronix.de>
Subject: Re: [patch V2 04/10] MDS basics+ 4

--390syE1AevCDZ4SxLSmsglWfdOiMtWSUv
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 2/20/19 9:10 AM, speck for mark gross wrote:

>> +
>> +      - KGBD

s/KGBD/KGDB

>> +
>> +        If the kernel debugger is accessible by an unpriviledged atta=
cker,
>> +        then the NMI handler is the least of the problems.
>> +

=2E..

>=20
> However; if I'm being pedantic, the attacker not having controlability =
aspect
> of your argument can apply to most aspects of the MDS vulnerability.  I=
 think
> that's why its name uses "data sampling".  Also, I need to ask the chip=
 heads
> about if this list of NMI's is complete and can be expected to stay tha=
t way
> across processor and platfrom generations.
>=20
> --mark
>=20


I don't think any of the code paths listed touches any user data.  So eve=
n
if an attacker have some means to control NMI, he won't get any useful da=
ta.

Thanks.

Tim=20



--390syE1AevCDZ4SxLSmsglWfdOiMtWSUv--