From mboxrd@z Thu Jan 1 00:00:00 1970
From: Liran Alon
Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
Date: Thu, 25 Jan 2018 18:50:27 -0800 (PST)
Message-ID: <23aae227-461c-4d0d-8ccb-df01bae98b2e@default>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

----- dave.hansen@intel.com wrote:
> On 01/25/2018 06:11 PM, Liran Alon wrote:
> > It is true that attacker cannot speculate to a kernel-address, but it
> > doesn't mean it cannot use the leaked kernel-address together with
> > another unrelated vulnerability to build a reliable exploit.
>
> The address doesn't leak if you can't execute there. It's the same
> reason that we don't worry about speculation to user addresses from the
> kernel when SMEP is in play.

Maybe I misunderstand BTB & BHB internals. Will be glad if you could pinpoint my error.

Google P0 blog-post (https://googleprojectzero.blogspot.co.il/2018/01/reading-privileged-memory-with-side.html) claims that BTB & BHB only use <31 low bits of the address of the source instruction to lookup into the BTB. In addition, it claims that the higher bits of the predicted destination change together with the higher bits of the source instruction.

Therefore, it should be possible to leak the low bits of high prediction-mode code BTB/BHB entries from low prediction-mode code, because the predicted destination address will reside in user-space.

What am I missing?

Thanks,
-Liran