Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp1303985pxy; Sat, 1 May 2021 09:28:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0pE5WCQyCsCNqz/34UK2dyGBsRfD5RvR9jMvD2IFzk1ZH2FXFEvr5VW3/cCOwiHdjO1ND X-Received: by 2002:a17:90a:dc81:: with SMTP id j1mr11689456pjv.115.1619886522807; Sat, 01 May 2021 09:28:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619886522; cv=none; d=google.com; s=arc-20160816; b=CWi31f062owN7QYO/g1Wno6FFMhIEWdnqN12bZM9eEl+34fRLbjjinhKCyTLfRzwQI ZJOGKiCkj0vr1HAVVuHKLiRy1GUlaJX6FuJzMbp7zbbx5N8E1b7yHGil/dTlbzqQrPBK Vdg5FetEgIEj9/3AFbTtGetQuYJXkgK8ylPoJCyUVT/zcaFqt151UY20rJoh2OxsaJ+4 mKsS0WiH2SvKbkUP81UBMPOnobbGYMrVlTIAQZhZAx7OJtn6s8t945Gg2MHx/raVnmJn 9G+rMScx/ogY9b+SgFK1yBq0oSvII1Wl1t4Xi4ov1bFyxiZGmmKPpuukSowio1hsdfrG Vbvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:to:subject:message-id :date:from:mime-version:dkim-signature; bh=X7EQHk1MFiO+U2y0WxxifH0LycL4IFSaugVM+DqOF3M=; b=nf+dvJzJqUUi5C2DUAaHisBDWpAnzeeQwnXg0nKDwgGmDDJSCWv87OxNeWuIuI8ZSH +MEFlZQrL/yBLcrkC5NmPssYQ3lqLvS1v90iVgFXMPI6ozyS1StKQWrSQTXQZhvwyH2P sPBY0crUOi6ojLjjQWc/ve/pjdSfzeBWtHV1xbrP0G0n+A24EMwO55KBmbW/lIg4WCTz yGln7mlE0y4nYnGM9wJljZbsDh+zjQRwP4usVeZo1dt3lBx17A+ORgVJaAFn/6kkH11j jHioGlX/uo5dDEjPW6a+zoh7XUl5dkz8o4BU7h+TBoS4mvqGcRwCaXAHSnjru4uATu74 I2bQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=or7F4Umz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v4si7855386ple.156.2021.05.01.09.28.30; Sat, 01 May 2021 09:28:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=or7F4Umz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231624AbhEAQ1g (ORCPT + 99 others); Sat, 1 May 2021 12:27:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:58220 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230391AbhEAQ1g (ORCPT ); Sat, 1 May 2021 12:27:36 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 617EB61450 for ; Sat, 1 May 2021 16:26:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1619886406; bh=tPS5YMSpUbvnf9amJgB2PY1uxjiZW0pwf+nn4c36Ryo=; h=From:Date:Subject:To:From; b=or7F4Umz9+LB76HTM8ZiBB4Gj2gyD0GOhSDDB7eNOXn9t6YUREfyiUE3IyMKZytg0 F/xErSNMeMyjKDVWALyIH5tq4TwoYpad/7U7l1ZPmLqjpxY7lGcQ4wNCE8oy+JfhB9 ZnI88qyXTjKddFVbMVoMyAD5Az70AZT/su6hDHnVFhnKFopujja0cCzIBHIRRp8b1h nL7dvQyZ3pdH1Q3QwurRV60d+47aHwrcKKQLxQ/AvDfBCaIb9k0qoNUB5JX3oK914p 7z11ACKwsBLYXwQR5GRgmEteItEBA52t4Uf/XR2qlOBkKhSNHBUqBqvCUnwj6qwq54 CyoHzNC42TdvQ== Received: by mail-ed1-f51.google.com with SMTP id d14so1521710edc.12 for ; Sat, 01 May 2021 09:26:46 -0700 (PDT) X-Gm-Message-State: AOAM531LeLda0O3tacPLdhiwOHjY1txhAZt17SJsctH+dmQRHquh0cOO Hi62QdoikJHUHPYqDuPyHZYZRv8km+HqaaQ/emQYOw== X-Received: by 2002:aa7:d390:: with SMTP id x16mr8460921edq.172.1619886404906; Sat, 01 May 2021 09:26:44 -0700 (PDT) MIME-Version: 1.0 From: Andy Lutomirski Date: Sat, 1 May 2021 09:26:33 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: =?UTF-8?Q?Do_we_need_to_do_anything_about_=22dead_=C2=B5ops=3F=22?= To: X86 ML , LKML , David Kaplan , Andrew Cooper , David Woodhouse , Josh Poimboeuf , Kees Cook , Jann Horn Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi all- The "I See Dead =C2=B5ops" paper that is all over the Internet right now is interesting, and I think we should discuss the extent to which we should do anything about it. I think there are two separate issues: First, should we (try to) flush the =C2=B5op cache across privilege boundaries? I suspect we could find ways to do this, but I don't really see the point. A sufficiently capable attacker (i.e. one who can execute their own code in the dangerous speculative window or one who can find a capable enough string of gadgets) can put secrets into the TLB, various cache levels, etc. The =C2=B5op cache is a nice piece of analysis, but I don't think it's qualitatively different from anything else that we don't flush. Am I wrong? Second, the authors claim that their attack works across LFENCE. I think that this is what's happening: load secret into %rax lfence call/jmp *%rax As I understand it, on CPUs from all major vendors, the call/jmp will gladly fetch before lfence retires, but the address from which it fetches will come from the branch predictors, not from the speculatively computed value in %rax. So this is nothing new. If the kernel leaks a secret into the branch predictors, we have already mostly lost, although we have a degree of protection from the various flushes we do. In other words, if we do: load secret into %rax <-- non-speculative control flow actually gets here lfence call/jmp *%rax then we will train our secret into the predictors but also leak it into icache, TLB, etc, and we already lose. We shouldn't be doing this in a way that matters. But, if we do: mispredicted branch load secret into %rax <-- this won't retire because the branch was mispredicted lfence <-- here we're fetching but not dispatching call/jmp *%rax then the leak does not actually occur unless we already did the problematic scenario above. So my tentative analysis is that no action on Linux's part is required. What do you all think? --Andy