Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751990AbeADBmA (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Wed, 3 Jan 2018 20:42:00 -0500
Received: from mail-wr0-f195.google.com ([209.85.128.195]:40469 "EHLO
        mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751512AbeADBl6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Jan 2018 20:41:58 -0500
X-Google-Smtp-Source: ACJfBotbrmgXTtsueKyQ3jQNWVzUgZZsNFGBUbnAlL92/iNWXKj6KIenpxFw8Y7rgjpNAcYoN/zEEg==
Subject: Re: Avoid speculative indirect calls in kernel
To: Linus Torvalds <torvalds@linux-foundation.org>,
        Andi Kleen <andi@firstfloor.org>
Cc: tglx@linuxtronix.de,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        dwmw@amazon.co.uk, Tim Chen <tim.c.chen@linux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Dave Hansen <dave.hansen@intel.com>
References: <20180103230934.15788-1-andi@firstfloor.org>
 <CA+55aFzCocoK+4kxAUEhaxxba4RTv3ewBmhiZ8Osc9iDkBtCEQ@mail.gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <e64025e6-9c4f-703d-cb69-29eeb9cc16bd@redhat.com>
Date: Thu, 4 Jan 2018 02:41:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <CA+55aFzCocoK+4kxAUEhaxxba4RTv3ewBmhiZ8Osc9iDkBtCEQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On 04/01/2018 00:51, Linus Torvalds wrote:
> On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@firstfloor.org> wrote:
>> This is a fix for Variant 2 in
>> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>>
>> Any speculative indirect calls in the kernel can be tricked
>> to execute any kernel code, which may allow side channel
>> attacks that can leak arbitrary kernel data.
> 
> Why is this all done without any configuration options?
> 
> A *competent* CPU engineer would fix this by making sure speculation
> doesn't happen across protection domains. Maybe even a L1 I$ that is
> keyed by CPL.

It's not that simple; Andi's patches don't fix this yet, but there's
also the case of context switching, where two processes run in the same
protection domain and still shouldn't be able to interfere with each other.

But then, exactly because the retpoline approach adds quite some cruft
and leaves something to be desired, why even bother?  Intel has also
started releasing microcode updates that basically add some chicken bits
and also let you flush branch predictor state to handle the context
switch case.  Why not just require people to have their microcode
updated, and DTRT from the beginning?

Also, according to Google the KVM PoC can be broken simply by clearing
the registers on every exit to the hypervisor.  Of course it's just
mitigation, but perhaps _that_ is where we should start fixing the
user/kernel boundary too.

Paolo

> I think somebody inside of Intel needs to really take a long hard look
> at their CPU's, and actually admit that they have issues instead of
> writing PR blurbs that say that everything works as designed.
> 
> .. and that really means that all these mitigation patches should be
> written with "not all CPU's are crap" in mind.
> 
> Or is Intel basically saying "we are committed to selling you shit
> forever and ever, and never fixing anything"?
> 
> Because if that's the case, maybe we should start looking towards the
> ARM64 people more.
> 
> Please talk to management. Because I really see exactly two possibibilities:
> 
>  - Intel never intends to fix anything
> 
> OR
> 
>  - these workarounds should have a way to disable them.
> 
> Which of the two is it?
> 
>                    Linus
>