Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp499339imm; Mon, 4 Jun 2018 22:56:18 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJRpuYqGPL0sZEJzWwDQORuZbr7TkQqWIpiUHSC3OA1MNH81vku+1blalOtxIbhjdyjOYCm X-Received: by 2002:a62:660a:: with SMTP id a10-v6mr11021535pfc.156.1528178178668; Mon, 04 Jun 2018 22:56:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528178178; cv=none; d=google.com; s=arc-20160816; b=MXrY3emyiek87KUIJozfyuJdoBaOwWckr4M+tYrQHAxiTlEMraoKtrHjwqDTxkBmgI JHAtQF+N2HxsbTSvVUsCiOVFJfV6jbZgk1wdJUpDIYcUaVoliypeOgESeN8UgDQNZHJQ IIelRIOM2I5eH5SGNoOKkvI5i4FTijcW6jLb58/XESwpDkM0Wsd8SW8Fqv1TgH5TzQ16 JQvTuSNO0+yqecbgmhQCDtxFDlDGp/hhWHGXdSKscQ86GoX5go5lbmdQI+Z3CTBCcDJi 3Dx7z+1s1FqjaXqQfyrBa00ffHUB/FP9EEjdbDYAVtW0rx6n4fbjV/psEdn2dVVQjHm6 p/OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject :arc-authentication-results; bh=xK/Hn0mqOPkIFLeRAutNKBQTFGbvu4NR1+IFH7MVgqk=; b=xHP8YUXEay4TM6k9u+qJk8kz9dldDXKPmcpZBYs3Fv9lQjUEz8XX28BUuoeFiwMcVx V0wgqoIafSsUj/Lbza6BMvq0LTcQL4P2GvS1Fby6qQNqauc9XOZ524pFaUuKohybcVAc vgN7sW6meLeSR3gPBOuSF/jxqCiVV7bP3yAuaZUVY/jdTTap2P5uadUQ3FYu70eg9oEt /ME91+yVarobH+KZFyjyLWECEXzBZKwlodv73rTQkaPkjjvsyJa6+z+HxMJTHNMaX8XY i9q+o8OKzFrttrpbG0Uk0NKt1Vgx8T7CAehu2iQ5+kZGk3xJvf9BCKwmtuvCJIxoRtuI O2Hw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r12-v6si9249081pgp.39.2018.06.04.22.56.04; Mon, 04 Jun 2018 22:56:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751692AbeFEFze (ORCPT + 99 others); Tue, 5 Jun 2018 01:55:34 -0400 Received: from mout3.freenet.de ([195.4.92.93]:38964 "EHLO mout3.freenet.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751578AbeFEFzc (ORCPT ); Tue, 5 Jun 2018 01:55:32 -0400 Received: from [195.4.92.142] (helo=mjail2.freenet.de) by mout3.freenet.de with esmtpa (ID andihartmann@freenet.de) (port 25) (Exim 4.90_1 #2) id 1fQ4wL-0002oe-NO; Tue, 05 Jun 2018 07:55:29 +0200 Received: from [::1] (port=54158 helo=mjail2.freenet.de) by mjail2.freenet.de with esmtpa (ID andihartmann@freenet.de) (Exim 4.90_1 #2) id 1fQ4wL-0000zS-JQ; Tue, 05 Jun 2018 07:55:29 +0200 Received: from mx9.freenet.de ([195.4.92.19]:46556) by mjail2.freenet.de with esmtpa (ID andihartmann@freenet.de) (Exim 4.90_1 #2) id 1fQ4uO-0008Fg-NF; Tue, 05 Jun 2018 07:53:28 +0200 Received: from p200300de53d71800505400fffe15ac42.dip0.t-ipconnect.de ([2003:de:53d7:1800:5054:ff:fe15:ac42]:45556 helo=mail.maya.org) by mx9.freenet.de with esmtpsa (ID andihartmann@freenet.de) (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (port 465) (Exim 4.90_1 #2) id 1fQ4uO-0006Sg-B3; Tue, 05 Jun 2018 07:53:28 +0200 Received: internal info suppressed Subject: Re: Spectre mitigation doesn't seem to work at all?! To: Alan Cox Cc: Peter Zijlstra , LKML References: <141672d1-8dcb-9a84-7f8f-60c7a2c58b07@01019freenet.de> <20180604081502.GE12258@hirez.programming.kicks-ass.net> <20180604151251.1fb34793@alans-desktop> From: Andreas Hartmann Openpgp: preference=signencrypt Autocrypt: addr=andihartmann@01019freenet.de; keydata= xsDiBDz/vtQRBAC+OSpes1p57fA8ENLYy3Nl/CpEvtRoDdhy7DPyc1+adE57vpK52naRfaZB f0RSMvIZwJYggMio+emiN5Du7kL9y2IEjmHBvp/1x68dEwswHP9X4hJmHmyOJL3IB2WsvEdh QF97913bWX34MYCeuOoSJ1OWvBLGfNs0zv70HOTfJwCgricyy8N1itEryLwoeu5HWz0SmDED /2IiuDhPZ332i0Ylp40RQb2Wb0xBvpscVeRZDItsYYbJ/Sgmso1sn93sFFWmmrvGUyg3MNCt +u+7P8Wg3VXte8cHbNwdzNtXHTfYyTcgZXC4xJN2akZt4pdR531mXyP2kFxmKtAEmW6bNpvV oNnkgZVWvoT4BHLloLzA62JUEgFJA/9dHilAVS3Ezv5ECB02Lt2vNNzMvPlyNbxBhWnrb6VC mFMCRg9bOK2io1zYb8C4gEpJ33wl8hEBxOWfCOEEKesAUCjViosNvxqGNtGWjk5p1O2QBWE2 D6u5+itACQRqhmmgNl+dK6Of2yGG9GxOYWozIELEfL9ZB4xQ7A2tDFR0Zs1HQW5kcmVhcyBI YXJ0bWFubiAod2VpbCBkZXIgUmVjaG5lciBuZXUgaGVpc3N0KSA8YW5kcmVhc0BkdWFsYy5t YXlhLm9yZz7CYAQTEQIAIAUCTMsY3gIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEBhU mcTgYeNVT1QAoJ4cJ2jl6Jgmi+PmWCXPk4m8lgAGAKCjkxgK/PjE3+cNsLa/xEpReqYwRs7A TQQ8/77WEAQAqBBex8oxPC1srpaSFbq8NCM/Gy7SKucKsQPqG/De46WQESbmnMElVft2xCBC rOJ7E02k10h/twe0yQnNdXMJDMDM0w0EEyX9ljekIr3SFbXpU2S4wUl3C6CW2hizUgOyLsg0 chpfGMB9+wiVycyjZahafoc14wuuDj5BqWEOCccAAwcD/14lh1PTPKx4hs7ITtFZh5TI6+5f xAWIBBUeQL+GEt+CKwyNc/hWp8YTPJ3SAedmDrEMX+2yPO95KeIfg6bnnIVvI/aTR/vJFsWK GKMx+KaKx+IEwuhCpNIMUASpJWRvVlo3lMIvqAMJIBj79uKq/X9fppblcJst29QVO6aWf3Gh wkYEGBECAAYFAjz/vtYACgkQGFSZxOBh41VBAgCfZRiPCQ+jNvdT5iR2fEblqTtBrF0An0nb M8B1Lpkm44214BbtIQKneVrY Message-ID: <55e879f4-57c1-dc55-74ba-b1845cd5ded5@01019freenet.de> Date: Tue, 5 Jun 2018 07:53:24 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180604151251.1fb34793@alans-desktop> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,PLING_QUERY autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.maya.org X-Spam-score: -3.8 X-Spamreport: Action: no action Symbol: ASN(0.00) Symbol: SUBJECT_ENDS_EXCLAIM(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: MIME_GOOD(-0.10) Symbol: RCVD_TLS_ALL(0.00) Symbol: MID_RHS_MATCH_FROM(0.00) Symbol: RCVD_COUNT_TWO(0.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: FROM_EQ_ENVFROM(0.00) Symbol: BAYES_HAM(-0.68) Symbol: SUBJECT_HAS_QUESTION(0.00) Symbol: TO_DN_ALL(0.00) Symbol: NEURAL_HAM(-2.97) Symbol: RCVD_VIA_SMTP_AUTH(0.00) Message-ID: 55e879f4-57c1-dc55-74ba-b1845cd5ded5@01019freenet.de X-FN-Spambar: X-Originated-At: 2003:de:53d7:1800:5054:ff:fe15:ac42!45556 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/04/2018 at 04:12 PM Alan Cox wrote: >> A malicious program most probably won't care about that. Therefore, my >> next question is: which memory regions can be exploited by a malicious >> program? The complete physical memory or only the memory provided to the >> malicious program? Should be the latter if this approach should have any >> impact. > > Spectre is not about memory regions. It's about speculative execution > leaving measurable footprints. What footprints you leave depend upon what > code you are executing. Thus the question becomes 'what can the target > access'. > > In order to attack something you need both a way to influence the code > concerned and a way to measure it. In addition it needs to have some > secret you want. > > In practice that usually means something on the same system with its own > memory space/privilege level. The usual cases then are user<->kernel and > managed application<->runtime. Would this be a practical test case: Gather keys and passwords used by a ssh login by running a malicious program in parallel to sshd as another ordinary user w/o root access. Thanks, Andreas