Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3655841imm;
        Mon, 4 Jun 2018 07:15:39 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKKtHVS4DgEOepKHyuvBVIOpm2HhGopDD8A6+v7KKSxBBpR5hKA3/yeVurujzDA3r3kFzTV7
X-Received: by 2002:a65:438a:: with SMTP id m10-v6mr17770415pgp.315.1528121739726;
        Mon, 04 Jun 2018 07:15:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528121739; cv=none;
        d=google.com; s=arc-20160816;
        b=QyChoVN75IIXkKuoOm/IfadCKNdgIcWLU6GF2BPQ7HuqT7K3hQD7njCe7y8fGgVGo2
         JQg5CR1xmZQTDc84WIRGfDwJeqdTH3Nk7TyVF5ATqeCzovcmKPnRJrGN8POgJcJG2DdO
         ubkvTP0I/lpTpHqkzVS4IjjoLAb5m6G4bTlCcqnwURCogCiFkwRxsbhxVnaAVVSI5Erm
         33Qglxj3+qYZNie1TJ/vRthzKHBR2VnOmuoGnaEDqzm/IDjHWwB+8UtHaZ0obIE1Td0b
         vQhs6wwHCK4FMMEhEZy8m2He2j/br8KGX7KOfyVCZrsWG9iQgIiPfR0X+RG/RsxDyzCF
         frMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date:arc-authentication-results;
        bh=98cT5tEtNNGtm3636TKduF0XPekzSJZ8VC97X0Bt5YA=;
        b=DldK30AFdLiHVSpj8IK0ox01zaXmLHEawyOYjXcoH52SNUQlhLcGd0TA8AqXuUyXkd
         WYnK9u4SkfPdjvyyHbuCKXDh9hdKtAlQM9Z5F36/TwNQkdV5u2pNqJHNz9DQlOkT/NEq
         OHqnOpLylOSpHbR3dAVjWFoZk78r7zSOHFn6xrZjqwv32BqTf64EVrPZ/ZKHm1FLUCNV
         FlzUj4FmO2Egq/a7LPkoSiQboiY8SLTBYYYjnYfNKqcqI/KsIeP+0zt1nX3ww/Wd8IR1
         vUn2+1RPlvxsorybWl8lNgFVQRbcVIuLYSe3gGoxx3SAI9OxQm5WI584eyZGpMN8yPlt
         TSVg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t184-v6si45345682pfb.98.2018.06.04.07.15.24;
        Mon, 04 Jun 2018 07:15:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753912AbeFDONM (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Mon, 4 Jun 2018 10:13:12 -0400
Received: from www.llwyncelyn.cymru ([82.70.14.225]:56628 "EHLO fuzix.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1753557AbeFDONK (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Jun 2018 10:13:10 -0400
Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226])
        by fuzix.org (8.15.2/8.15.2) with ESMTP id w54ECqKS023252;
        Mon, 4 Jun 2018 15:12:52 +0100
Date:   Mon, 4 Jun 2018 15:12:51 +0100
From:   Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To:     Andreas Hartmann <andihartmann@freenet.de>
Cc:     Peter Zijlstra <peterz@infradead.org>,
        LKML <linux-kernel@vger.kernel.org>
Subject: Re: Spectre mitigation doesn't seem to work at all?!
Message-ID: <20180604151251.1fb34793@alans-desktop>
In-Reply-To: <d8fbee2d-305a-9fc0-356e-b8d4cbd59dbd@maya.org>
References: <141672d1-8dcb-9a84-7f8f-60c7a2c58b07@01019freenet.de>
        <20180604081502.GE12258@hirez.programming.kicks-ass.net>
        <d8fbee2d-305a-9fc0-356e-b8d4cbd59dbd@maya.org>
Organization: Intel Corporation
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.32; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> A malicious program most probably won't care about that. Therefore, my
> next question is: which memory regions can be exploited by a malicious
> program? The complete physical memory or only the memory provided to the
> malicious program? Should be the latter if this approach should have any
> impact.

Spectre is not about memory regions. It's about speculative execution
leaving measurable footprints. What footprints you leave depend upon what
code you are executing. Thus the question becomes 'what can the target
access'.

In order to attack something you need both a way to influence the code
concerned and a way to measure it. In addition it needs to have some
secret you want.

In practice that usually means something on the same system with its own
memory space/privilege level. The usual cases then are user<->kernel and
managed application<->runtime.

Thus it's very different to meltdown style attacks.

If you are actually worried about this you should probably also read up
on more general cache prime/probe attacks and cache profiling (things
like the ARMageddon paper are worth reading - and while it was done on
ARM much of it is generic to most modern processors), as well as timing
attacks.

Alan