Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp6539940imu;
        Mon, 21 Jan 2019 10:39:10 -0800 (PST)
X-Google-Smtp-Source: ALg8bN4nojTVqgw61jDGJ5ZKxPXQXrh5nafISRbWlJdgyoVpD/P+bivcpqrukR7hzRMLFk9F6P0Z
X-Received: by 2002:a17:902:3181:: with SMTP id x1mr30979947plb.58.1548095950401;
        Mon, 21 Jan 2019 10:39:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548095950; cv=none;
        d=google.com; s=arc-20160816;
        b=c/Ty99E/7nilZ9M1VGHt6Pb70ymz5o+wdXlPQYmGcu9LToZKmKCf1kG/ScIRlX53S1
         QOwkrDH7CbHFp8+xTZrCYJhfItIU6h6AFtYBwocULiVVc8NvOPZH5GKv0UBiBzw5bpjt
         QbpmXI1BslIr2ZEGgxNyFogw4FQXhbqUZ1zL7cVLKDYE7wmsNApdyZHGFZPo2RETG0Bc
         itvp9pRU20eJy8JD5IzDkLpfUkkMKlM+wKMwiUKVhix9nAr288xOfqeeFqospvslr8VE
         P0VpVkTCiTY7ZHKmc6Y6rc6SYUzef58h//1obHmOn56ltEb/sZGHHcnLcsFqpzw8Ip74
         6iGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=/nLN9LE5RPlApZ0WN3kU+u/nIYZrzFu2OGMmR93jkOk=;
        b=tPug4QBKYPcL1ppl6blymogR1G6gQW9mLzJQsej+Pav1zu8pdW86W4Y3Hc9Gp6MW8j
         VURiNhEKELgBQRIAqN8CLxxa5hKWpSK0y8XgxuYR7x8KSvLGGUl/AoN9V+XjSccMpHMs
         w4qDHMbwQHbKxuvLnmXf0IgP+4SnWzAGjl1qn2wFB9jFZXFsLq8vNDPsghWLj/XwGmzR
         aE3QndZ+MJrIhI3TvqmLYwqDIYn+UryT4te5CBlzC2CtuS0O7ZoyKtZvQmUDauROQZVM
         55t2S7QDwIy1xmQBopmh73VDKdht7MKs65K8HTZSjrdTDow23z4aguhS037a82JSmx1p
         WUJg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k16si13136429pls.124.2019.01.21.10.38.54;
        Mon, 21 Jan 2019 10:39:10 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728353AbfAUSgU (ORCPT <rfc822;peterpeng024@gmail.com>
        + 99 others); Mon, 21 Jan 2019 13:36:20 -0500
Received: from mga18.intel.com ([134.134.136.126]:16099 "EHLO mga18.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727358AbfAUSgU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Jan 2019 13:36:20 -0500
X-Amp-Result: UNSCANNABLE
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Jan 2019 10:36:19 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,503,1539673200"; 
   d="scan'208";a="127480945"
Received: from tassilo.jf.intel.com (HELO tassilo.localdomain) ([10.7.201.137])
  by FMSMGA003.fm.intel.com with ESMTP; 21 Jan 2019 10:36:18 -0800
Received: by tassilo.localdomain (Postfix, from userid 1000)
        id 6743F301202; Mon, 21 Jan 2019 10:36:18 -0800 (PST)
Date:   Mon, 21 Jan 2019 10:36:18 -0800
From:   Andi Kleen <ak@linux.intel.com>
To:     Julian Stecklina <jsteckli@amazon.de>
Cc:     linux-kernel@vger.kernel.org,
        David Woodhouse <dwmw2@infradead.org>,
        Liran Alon <liran.alon@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Linus Torvalds <torvalds@linux-foundation.org>, x86@kernel.org,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [RFC] x86/speculation: add L1 Terminal Fault / Foreshadow demo
Message-ID: <20190121183618.GP6118@tassilo.jf.intel.com>
References: <1548076208-6442-1-git-send-email-jsteckli@amazon.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1548076208-6442-1-git-send-email-jsteckli@amazon.de>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> + 	/* Check the start address: needs to be page-aligned.. */
> +-	if (start & ~PAGE_MASK)
> ++	if (start & ~PAGE_MASK) {
> ++
> ++		/*
> ++		 * XXX Hack
> ++		 *
> ++		 * We re-use this error case to show case a cache load gadget:
> ++		 * There is a mispredicted branch, which leads to prefetching
> ++		 * the cache with attacker controlled data.
> ++		 */
> ++		asm volatile (

Obviously that can never be added to a standard kernel.

And I don't see much point in shipping test cases that require non
standard kernel patching. The idea of shipping test cases is that
you can easily test them, but in this form it can't.

Also even without that problem, not sure what benefit including such a thing 
would have.

If you want to improve regression test coverage, it would be far better to have
test cases which do more directed unit testing against specific software 
parts of the mitigation.

For example some automated testing that the host page tables are inverted as
expected for different scenarios. I checked that manually during development,
but something automated would be great as a regression test. It would
need some way to translate VA->PA in user space.

Or have some tests that run test cases with PT or the MSR tracer with
a guest and automatically check that the MSR writes for VM entries are in
the right location.

-Andi