| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jan 2023 08:15:16 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Eric Biggers <ebiggers@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
Roxana Bradescu <roxabee@...omium.org>,
Adam Langley <agl@...gle.com>,
Ard Biesheuvel <ardb@...nel.org>,
"Jason A . Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH] x86: enable Data Operand Independent Timing Mode
On 1/25/23 07:29, Dave Hansen wrote:
> There's another part here which I think was recently added to the
> documentation:
>
> Intel expects the performance impact of this mode may be
> significantly higher on future processors.
>
> That's _meant_ to be really scary and keep folks from turning this on by
> default, aka. what this patch does. Your new CPU will be really slow if
> you turn this on! Boo!
*If* we go forward with this patch's approach in the kernel, I think we
should at least consider what the kernel will do in a future where there
are two classes of systems:
1. Ice Lake era ones where DOITM=1 is cheap enough that it can
on by default.
2. "Future processors" where DOITM=1 by default is too costly.
Maybe for #2 we set DOITM=0 in the kernel. Maybe we add per-task
controls.
But, there *is* DOITM cost where the large fleets are going to be
tempted to turn it off somehow, somewhere. The kernel will be better
off if we can design that in now.
Powered by blists - more mailing lists