Received: by 10.223.176.46 with SMTP id f43csp107513wra; Thu, 25 Jan 2018 18:24:35 -0800 (PST) X-Google-Smtp-Source: AH8x225gR05DAqORx16mKGA24JkaRof+ZiWeUOXqz2ADxVWgw5Nq7BzG79j92sd0bAkJ7RlcLqvi X-Received: by 2002:a17:902:b947:: with SMTP id h7-v6mr13097849pls.82.1516933475863; Thu, 25 Jan 2018 18:24:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516933475; cv=none; d=google.com; s=arc-20160816; b=wZJ8TzXPvzsFJFQwmsofxZUHTN8ROXCIl9G5z0nih9osjHoQRwRzuiSAz5QUfpiLyW V8UluS3XkQgvzy2DEnN1+9NygOmY2Ageum4ihBvb0tPO0FyHFLgmbpf7H9NO5t+NUxtB GjHtEqwH5V3qh+KLdBQqPFADXYf91dfray/pYUCBqYyqwwt7s3rf0JhrRztFIXVcnrpU ExFKFeLtKHSKK/+75Ob8ZWnYz0rTX83uNYtEAnbhBgfB40rPTfqsVO5wYOViRcSrk/84 UgbfNcBkDIf3m8AVD2OYgiiKEOcBRAsM9AV/3mE7MKl/jd5/QGE7kMtMl/FAQmrHIlUP 179g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:cc:references:to:subject:arc-authentication-results; bh=M1LTYqhr+EbrTHv4AF0WAfHV+V8/3PJg0Pvs1/mQrEg=; b=gq667JxYrLA8pIrmMr/oLOym7/JVBRiaeEAjBsKrh29HwwO79Ag8xGTcVrGr5LO3tb kRpogAttIDeoKDIwJ76nYsvBI7yTGRQrQDAvfTeRwN+m6vPThimkJQFl78EoFo7xxrAE 2psUA4HjZW0gzVFHh+LxSEIMLxz5z9kUZtcnGQGpFxG9xuKHHM1sonBRXrDw9cVO7vKJ QPKjM9tI4uSVtw0ScyYcPwniFWe+gmb+oMAdxXV7WfPXKQkla/YPcbs/zOmcVheQpFk6 WouzpBxkenD+J65sdQu88XKrJGGrBJ9ytFmZS0ynvDt7S+n80BtnBNYRWaDNdCpiwAqL QnCw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z17-v6si2951947plo.794.2018.01.25.18.24.20; Thu, 25 Jan 2018 18:24:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751596AbeAZCXx (ORCPT + 99 others); Thu, 25 Jan 2018 21:23:53 -0500 Received: from mga11.intel.com ([192.55.52.93]:22907 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751432AbeAZCXw (ORCPT ); Thu, 25 Jan 2018 21:23:52 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jan 2018 18:23:52 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,414,1511856000"; d="scan'208";a="12704227" Received: from dwmarks1-mobl.amr.corp.intel.com (HELO [10.254.73.116]) ([10.254.73.116]) by orsmga007.jf.intel.com with ESMTP; 25 Jan 2018 18:23:51 -0800 Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation To: Liran Alon References: <7c0b0879-3448-43e4-8380-4708fc787113@default> Cc: labbott@redhat.com, luto@kernel.org, Janakarajan.Natarajan@amd.com, bp@suse.de, torvalds@linux-foundation.org, asit.k.mallick@intel.com, rkrcmar@redhat.com, karahmed@amazon.de, hpa@zytor.com, jun.nakajima@intel.com, mingo@redhat.com, x86@kernel.org, ashok.raj@intel.com, arjan.van.de.ven@intel.com, tim.c.chen@linux.intel.com, pbonzini@redhat.com, ak@linux.intel.com, linux-kernel@vger.kernel.org, dwmw2@infradead.org, peterz@infradead.org, tglx@linutronix.de, gregkh@linuxfoundation.org, mhiramat@kernel.org, arjan@linux.intel.com, thomas.lendacky@amd.com, dan.j.williams@intel.com, joro@8bytes.org, aarcange@redhat.com, kvm@vger.kernel.org From: Dave Hansen Message-ID: <50c5d627-8975-184b-b50f-4cc02c5816c5@intel.com> Date: Thu, 25 Jan 2018 18:23:51 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <7c0b0879-3448-43e4-8380-4708fc787113@default> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/25/2018 06:11 PM, Liran Alon wrote: > It is true that attacker cannot speculate to a kernel-address, but it > doesn't mean it cannot use the leaked kernel-address together with > another unrelated vulnerability to build a reliable exploit. The address doesn't leak if you can't execute there. It's the same reason that we don't worry about speculation to user addresses from the kernel when SMEP is in play.