On Fri, Jul 29, 2022 at 10:40:20AM +0000, David Laight wrote: > From: Pawan Gupta > > Sent: 29 July 2022 03:29 > > > > On Thu, Jul 28, 2022 at 02:00:13PM +0200, Borislav Petkov wrote: > > > On Thu, Jul 14, 2022 at 06:30:18PM -0700, Pawan Gupta wrote: > > > > Older CPUs beyond its Servicing period are not listed in the affected > > > > processor list for MMIO Stale Data vulnerabilities. These CPUs currently > > > > report "Not affected" in sysfs, which may not be correct. > > I looked this up.... > > The mitigations seem to rely on unprivileged code not being able > to do MMIO accesses. > That isn't true, device drivers can mmap PCIe addresses directly > into user program address space. > While unlikely, there is no reason this can't be supported for > non-root processes. Agree. Would it be fair to assume that processes that get direct hardware access are trusted?
