From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 18 Jul 2018 19:36:58 -0000
Received: from mga18.intel.com ([134.134.136.126]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1ffsFs-0003oU-3q for speck@linutronix.de; Wed, 18 Jul 2018 21:36:57 +0200
Date: Wed, 18 Jul 2018 12:36:37 -0700
From: Andi Kleen
Subject: [MODERATED] Re: L!TF Bulletin #4: The state of the horrors
Message-ID: <20180718193637.GH25412@tassilo.jf.intel.com>
References:
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

> Thanks everyone involved for patches, testing, review and entertaining
> discussions!

Just looking through the patches again.

Thanks for implementing the dynamic control.

+3.2. EPT not supported or disabled
+""""""""""""""""""""""""""""""""""
+
+ If EPT is not supported by the processor or disabled in the hypervisor,
+ the system is fully protected. SMT can stay enabled and L1D flushing on
+ VMENTER is not required.

AFAIK we're still missing a patch to ensure that the shadow page tables
are actually inverted if needed, or did I miss it?

The code just copies the original currently I think, which means
the shadow is as attackable as the original.

Rest looks good to me.

-Andi
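
Review bot: In section 3.2, "the system is fully protected" is stated unconditionally, and the paragraph does not say what that protection relies on once EPT is off. The reply above asks whether shadow page tables are inverted where needed, so the sentence should either name that dependency or be qualified until the handling is confirmed. The same applies to the follow-on claims that SMT can stay enabled and that L1D flushing on VMENTER is not required, since both rest on the first sentence.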