[MODERATED] Re: [patch 2/2] Command line and documentation 2

[Jon Masters <jcm@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1523 bytes --]

On 07/09/2018 06:07 PM, speck for Andi Kleen wrote:

>> +Problem
>> +-------
>> +
>> +If an instruction accesses a virtual address for which the relevant page
>> +table entry (PTE) has the present bit cleared, then the speculative
>> +execution can load the data into the speculation flow when the data from

If an instruction accesses a virtual address (performs a load) for which
the corresponding physical address from the relevant Page Table Entry
(PTE) is allocated in the Level 1 Data Cache, then the data in the L1
Data Cache from that physical address may be forwarded to the load
instruction (and its dependents) during speculation, regardless of the
value of the "present" bit in the page table entry.

You can leave most of the rest. The EPT bit is simply a design bug that
layers on the above in how Intel bolted EPT onto the existing walks.

> 
> "load the into the speculation flow" ?
> 
> No idea what that means. I would just drop it.
> 
>> +the physical address which is referenced in the PTE address bits is
>> +available in the Level 1 Data Cache. This is a purely speculative
>> +mechanism and the instruction will raise a page fault when it is retired.
>> +
>> +This creates a window between the load and retirement where speculative
>> +execution can operate on the data and malicious code can use this to create
>> +a side channel to leak the speculated data which was accessed without
>> +permission.

-- 
Computer Architect | Sent from my Fedora powered laptop