From: Paolo Bonzini
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH] SPTE masking
Date: Thu, 9 Aug 2018 11:24:47 +0200
In-Reply-To: <20180809025756.GD4238@tassilo.jf.intel.com>

On 09/08/2018 04:57, speck for Andi Kleen wrote:
>> [PATCH] kvm: x86: Set highest physical address bit in non-present/reserved SPTEs
>>
>> Always set the upper-most supported physical address bit to 1 for SPTEs
>> that are marked as non-present or reserved, to make them unusable for
>> L1TF attacks from the guest. Currently, this just applies to MMIO SPTEs.
> L1TF only works for cached memory.
>
> Are you concerned about cacheable MMIO?

No, he's concerned that KVM stores information in SPTEs that point to
guest MMIO (i.e. emulated devices), and that information is
guest-controlled. But that would only apply to processors with
MAXPHYADDR=52.

Paolo
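The following is an added illustration, not code from this thread or from KVM, of the masking the quoted patch describes: a guest-controlled gfn is encoded into a non-present (MMIO-style) SPTE, the highest supported physical address bit is set so the address field no longer points at host RAM, and the encoded value remains recoverable. The constants, helper names and the assumption that MAXPHYADDR=52 leaves no spare bit are mine, not KVM's definitions.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed constants for the illustration (assumed, not KVM's). */
#define PAGE_SHIFT      12
/* Physical address field of a 64-bit PTE: bits 12..51. */
#define PA_FIELD_MASK   (((1ULL << 52) - 1) & ~((1ULL << PAGE_SHIFT) - 1))

/* Mask with the highest supported physical address bit (MAXPHYADDR-1) set.
 * Returns 0 when MAXPHYADDR is 52: every address bit is then potentially
 * backed by host memory, so there is no bit to set (Paolo's point above). */
uint64_t l1tf_nonpresent_mask(unsigned int maxphyaddr)
{
    if (maxphyaddr == 0 || maxphyaddr >= 52)
        return 0;
    return 1ULL << (maxphyaddr - 1);
}

/* Encode a guest-controlled gfn into a non-present SPTE (present bit stays
 * clear) and apply the mask so the address field lies above host RAM. */
uint64_t make_nonpresent_spte(uint64_t gfn, unsigned int maxphyaddr)
{
    uint64_t spte = (gfn << PAGE_SHIFT) & PA_FIELD_MASK;
    return spte | l1tf_nonpresent_mask(maxphyaddr);
}

/* Recover the stored gfn. Assumes (as in this illustration) that no gfn
 * the guest can map reaches the masked bit, so stripping it is lossless. */
uint64_t spte_to_gfn(uint64_t spte, unsigned int maxphyaddr)
{
    uint64_t pa = spte & PA_FIELD_MASK & ~l1tf_nonpresent_mask(maxphyaddr);
    return pa >> PAGE_SHIFT;
}

/* Defender's check: does the address a speculative L1TF load would use
 * sit at or above 2^(MAXPHYADDR-1), outside any RAM such a host can have
 * in L1D? Always false when MAXPHYADDR is 52, where the mask is empty. */
bool spte_pa_is_beyond_host_ram(uint64_t spte, unsigned int maxphyaddr)
{
    uint64_t mask = l1tf_nonpresent_mask(maxphyaddr);
    return mask != 0 && (spte & PA_FIELD_MASK) >= mask;
}
```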