From: Andi Kleen <ak@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v2 3/8] MDSv2 5
Date: Mon, 10 Dec 2018 18:10:20 -0800 [thread overview]
Message-ID: <20181211021020.GF16024@tassilo.jf.intel.com> (raw)
In-Reply-To: <CAHk-=wh-Kxi6PHzy8bU2zjApv9njzkNzjnY74vf62TTNbcXxZA@mail.gmail.com>
On Mon, Dec 10, 2018 at 04:43:56PM -0800, speck for Linus Torvalds wrote:
Ok I will inline it.
FWIW the overhead is currently ~7 cycles on SKL, see [1]
> It's encryption keys etc. too. But yes.
>
> I think the encryption key case could easily have a "let's scrub cpu
> state" thing.
> It already does other strange things, like memset_safe() or whatever it is
> that forces a memset even if the compiler decides it's dead.
But the problem is how do we find all cases where someone else's data
is touched?
Even if I write a patch for the known to me cases I could
never guarantee I found all.
FWIW I suspect crypto is actually not that big an issue because
most uses should be in own threads, which would be handled
by the context switch flush. But at least softirqs/timers copying
some user data is a real danger.
>
> FWIW from our tests so far the performance loss from the kernel exit
> overhead
> doesn't seem to be that bad.
>
> I haven't seen any numbers, and whilei can believe it's true for the verw
> case if there is hw acceleration, I doubt the SW case isn't noticeable.
> Plus we've already seen that people have been way too eager to apply
> patches just because there is alleged security implications, without doing
> any kind of risk vs cost analysis.
My understanding is that while this is much harder to exploit than L1TF or
Meltdown, there are working exploits.
-Andi
[1]
ffffffff818f5946 callq 0xffffffff81091960 # PRED 1 cycles [507]
clear_cpu_buffers_idle:
ffffffff81091960 nopl %eax, (%rax,%rax,1)
ffffffff81091965 movl 0x12a3ab9(%rip), %eax
ffffffff8109196b test %eax, %eax
ffffffff8109196d jz 0xffffffff81091970 # PRED 1 cycles [508] 3.00 IPC
ffffffff81091970 pushq %rbp
ffffffff81091971 mov %rsp, %rbp
ffffffff81091974 callq 0xffffffff81091940 # PRED 1 cycles [509] 2.00 IPC
(it would help if we didn't disable tail calls with debug info I guess ...)
clear_cpu_buffers:
ffffffff81091940 nopl %eax, (%rax,%rax,1)
ffffffff81091945 pushq %rbp
ffffffff81091946 mov %rsp, %rbp
ffffffff81091949 nopl %eax, (%rax,%rax,1)
ffffffff81091951 data16 nop
ffffffff81091953 popq %rbp
ffffffff81091954 retq # PRED 4 cycles [513] 1.50 IPC
clear_cpu_buffers_idle+25:
ffffffff81091979 popq %rbp
ffffffff8109197a retq # PRED 1 cycles [514] 1.00 IPC
next prev parent reply other threads:[~2018-12-11 2:10 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-10 17:53 [MODERATED] [PATCH v2 0/8] MDSv2 8 Andi Kleen
2018-12-10 17:53 ` [MODERATED] [PATCH v2 1/8] MDSv2 4 Andi Kleen
2018-12-11 14:14 ` [MODERATED] " Paolo Bonzini
2018-12-12 21:22 ` Konrad Rzeszutek Wilk
2018-12-12 21:28 ` Andi Kleen
2018-12-12 21:25 ` Konrad Rzeszutek Wilk
2018-12-10 17:53 ` [MODERATED] [PATCH v2 2/8] MDSv2 1 Andi Kleen
2018-12-10 22:49 ` [MODERATED] " Jiri Kosina
2018-12-11 0:03 ` Andi Kleen
2018-12-11 0:13 ` Kanth Ghatraju
2018-12-11 2:00 ` Andi Kleen
2018-12-11 5:36 ` Jiri Kosina
2018-12-11 10:03 ` Borislav Petkov
2018-12-12 21:31 ` Konrad Rzeszutek Wilk
2018-12-12 21:43 ` Andi Kleen
2018-12-12 22:17 ` Borislav Petkov
2018-12-12 22:40 ` Konrad Rzeszutek Wilk
2018-12-12 22:45 ` Borislav Petkov
2018-12-13 15:15 ` Andrew Cooper
2018-12-13 16:52 ` Borislav Petkov
2018-12-10 17:53 ` [MODERATED] [PATCH v2 3/8] MDSv2 5 Andi Kleen
2018-12-10 23:00 ` [MODERATED] " Linus Torvalds
2018-12-11 0:03 ` Andi Kleen
2018-12-11 0:43 ` Linus Torvalds
2018-12-11 1:33 ` Linus Torvalds
2018-12-11 2:12 ` Andi Kleen
2018-12-11 2:20 ` Linus Torvalds
2018-12-11 3:25 ` Andi Kleen
2018-12-11 17:55 ` Linus Torvalds
2018-12-11 18:10 ` Borislav Petkov
2018-12-11 18:21 ` Linus Torvalds
2018-12-11 18:26 ` Borislav Petkov
2018-12-11 19:47 ` Andi Kleen
2018-12-11 21:22 ` Thomas Gleixner
2018-12-12 14:02 ` [MODERATED] " Paolo Bonzini
2018-12-12 17:58 ` Andi Kleen
2018-12-12 18:47 ` Linus Torvalds
2018-12-13 19:44 ` Linus Torvalds
2018-12-13 20:48 ` Andi Kleen
2018-12-13 20:56 ` Linus Torvalds
2018-12-15 0:30 ` Andi Kleen
2018-12-11 2:10 ` Andi Kleen [this message]
2018-12-11 0:09 ` Andrew Cooper
2018-12-10 17:53 ` [MODERATED] [PATCH v2 4/8] MDSv2 0 Andi Kleen
2018-12-12 21:45 ` [MODERATED] " Konrad Rzeszutek Wilk
2018-12-12 22:09 ` Andi Kleen
2018-12-12 22:36 ` Konrad Rzeszutek Wilk
2018-12-10 17:53 ` [MODERATED] [PATCH v2 5/8] MDSv2 7 Andi Kleen
2018-12-11 0:33 ` [MODERATED] " Andrew Cooper
2018-12-12 18:05 ` Andrew Cooper
2018-12-12 21:41 ` Konrad Rzeszutek Wilk
2018-12-12 22:12 ` Andi Kleen
2018-12-10 17:53 ` [MODERATED] [PATCH v2 6/8] MDSv2 3 Andi Kleen
2018-12-11 0:37 ` [MODERATED] " Andrew Cooper
2018-12-11 0:46 ` Luck, Tony
2018-12-11 1:02 ` Andrew Cooper
2018-12-11 1:53 ` Andi Kleen
2018-12-10 17:53 ` [MODERATED] [PATCH v2 7/8] MDSv2 6 Andi Kleen
2018-12-10 17:53 ` [MODERATED] [PATCH v2 8/8] MDSv2 2 Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181211021020.GF16024@tassilo.jf.intel.com \
--to=ak@linux.intel.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).