From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dave Hansen
Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
Date: Thu, 25 Jan 2018 14:20:49 -0800
Message-ID: <199a5883-42c7-d25c-0756-c3d4dcdc63ff@intel.com>
References: <6c16fc37-bdf2-4925-8114-14f5a08c07e3@default>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: labbott@redhat.com, luto@kernel.org, Janakarajan.Natarajan@amd.com, torvalds@linux-foundation.org, bp@suse.de, asit.k.mallick@intel.com, rkrcmar@redhat.com, karahmed@amazon.de, hpa@zytor.com, mingo@redhat.com, jun.nakajima@intel.com, x86@kernel.org, ashok.raj@intel.com, arjan.van.de.ven@intel.com, tim.c.chen@linux.intel.com, pbonzini@redhat.com, ak@linux.intel.com, linux-kernel@vger.kernel.org, peterz@infradead.org, tglx@linutronix.de, gregkh@linuxfoundation.org, mhiramat@kernel.org, arjan@linux.intel.com, thomas.lendacky@amd.com, dan.j.williams@intel.com, joro@8bytes.org, kvm@vger.kernel.org, aarcange@redhat.com
To: Liran Alon , dwmw2@infradead.org
Return-path:
In-Reply-To: <6c16fc37-bdf2-4925-8114-14f5a08c07e3@default>
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 01/23/2018 03:13 AM, Liran Alon wrote:
> Therefore, breaking KASLR. In order to handle this, every exit from
> kernel-mode to user-mode should stuff RSB. In addition, this stuffing
> of RSB may need to be done from a fixed address to avoid leaking the
> address of the RSB stuffing itself.

With PTI alone in place, I don't see how userspace could do anything
with this information. Even if userspace started to speculate to a
kernel address, there is nothing at the kernel address to execute: no
TLB entry, no PTE to load, nothing.

You probably have a valid point about host->guest, though.