From: Andi Kleen <ak@linux.intel.com>
To: Julian Stecklina <jsteckli@amazon.de>
Cc: linux-kernel@vger.kernel.org,
David Woodhouse <dwmw2@infradead.org>,
Liran Alon <liran.alon@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
x86@kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [RFC] x86/speculation: add L1 Terminal Fault / Foreshadow demo
Date: Mon, 21 Jan 2019 10:36:18 -0800 [thread overview]
Message-ID: <20190121183618.GP6118@tassilo.jf.intel.com> (raw)
In-Reply-To: <1548076208-6442-1-git-send-email-jsteckli@amazon.de>
> + /* Check the start address: needs to be page-aligned.. */
> +- if (start & ~PAGE_MASK)
> ++ if (start & ~PAGE_MASK) {
> ++
> ++ /*
> ++ * XXX Hack
> ++ *
> ++ * We re-use this error case to show case a cache load gadget:
> ++ * There is a mispredicted branch, which leads to prefetching
> ++ * the cache with attacker controlled data.
> ++ */
> ++ asm volatile (
Obviously that can never be added to a standard kernel.
And I don't see much point in shipping test cases that require non
standard kernel patching. The idea of shipping test cases is that
you can easily test them, but in this form it can't.
Also even without that problem, not sure what benefit including such a thing
would have.
If you want to improve regression test coverage, it would be far better to have
test cases which do more directed unit testing against specific software
parts of the mitigation.
For example some automated testing that the host page tables are inverted as
expected for different scenarios. I checked that manually during development,
but something automated would be great as a regression test. It would
need some way to translate VA->PA in user space.
Or have some tests that run test cases with PT or the MSR tracer with
a guest and automatically check that the MSR writes for VM entries are in
the right location.
-Andi
next prev parent reply other threads:[~2019-01-21 18:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-21 13:10 [RFC] x86/speculation: add L1 Terminal Fault / Foreshadow demo Julian Stecklina
2019-01-21 18:36 ` Andi Kleen [this message]
2019-01-21 19:15 ` Greg KH
2019-01-21 20:42 ` Kees Cook
2019-01-22 14:34 ` Julian Stecklina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190121183618.GP6118@tassilo.jf.intel.com \
--to=ak@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=jsteckli@amazon.de \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liran.alon@oracle.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox