From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <mhocko@suse.com>
Received: from mx2.suse.de ([195.135.220.15])	by Galois.linutronix.de with
 esmtps (TLS1.0:DHE_RSA_CAMELLIA_256_CBC_SHA1:256)	(Exim 4.80)	(envelope-from
 <mhocko@suse.com>)	id 1fEAVR-0005Lj-AW	for speck@linutronix.de; Thu, 03 May
 2018 11:26:33 +0200
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id 1814DAC9E
	for <speck@linutronix.de>; Thu,  3 May 2018 09:26:22 +0000 (UTC)
Date: Thu, 3 May 2018 11:26:21 +0200
From: Michal Hocko <mhocko@suse.com>
Subject: [MODERATED] Re: Updated L1TF native OS patch
Message-ID: <20180503092621.GE4535@dhcp22.suse.cz>
References: <20180501234247.GA41910@tassilo.jf.intel.com>
 <alpine.LFD.2.21.999.1805011659300.17283@i7.lan>
 <20180502000512.GO75137@tassilo.jf.intel.com>
 <20180502012112.GQ75137@tassilo.jf.intel.com>
 <20180502121420.GB31258@dhcp22.suse.cz>
 <20180502150739.GS75137@tassilo.jf.intel.com>
 <20180502153554.GK26305@dhcp22.suse.cz>
 <20180502160813.GT75137@tassilo.jf.intel.com>
MIME-Version: 1.0
In-Reply-To: <20180502160813.GT75137@tassilo.jf.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Wed 02-05-18 09:08:13, speck for Andi Kleen wrote:
> > > There's nothing the hypervisor can do about this. This
> > > mitigation has to be done in the guest.
> > > 
> > > > Patch 3 seems reasonable but I do not feel confident enough to give my
> > > > ack because I simply have no idea whether some obscure HW depends on the
> > > > zero page.
> > > 
> > > Can you expand? How should hardware depend on it?
> > > 
> > > It certainly cannot write to it, and even reading would be dubious because
> > > the contents are undefined.
> > 
> > Yeah, reads is what I would be worried about. I do not have any specific
> > offender in mind but this is really hard to check for.
> 
> There's no difference for reads. The memory does not go away.
> It can still read it.
> 
> The reservation just guarantees it is never used for any user data.

Yeah, but I am not really sure some virtualization or crap HW has to
have it allocated for RO. Maybe I am too paranoid. Anyway, I am not
saying the patch is wrong, I am just not sure enough to give my ack.
-- 
Michal Hocko
SUSE Labs