lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Oct 2007 11:49:01 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc:	Andi Kleen <andi@...stfloor.org>,
	Nick Piggin <nickpiggin@...oo.com.au>,
	David Chinner <dgc@....com>,
	Jeremy Fitzhardinge <jeremy@...p.org>, xfs@....sgi.com,
	Xen-devel <xen-devel@...ts.xensource.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Mark Williamson <mark.williamson@...cam.ac.uk>,
	Morten Bøgeskov 
	<xen-users@...ten.bogeskov.dk>, xfs-masters@....sgi.com
Subject: Re: Interaction between Xen and XFS: stray RW mappings

On Mon, Oct 22, 2007 at 08:16:01AM +1000, Benjamin Herrenschmidt wrote:
> On Mon, 2007-10-15 at 13:07 +0200, Andi Kleen wrote:
> > On Tue, Oct 16, 2007 at 12:56:46AM +1000, Nick Piggin wrote:
> > > Is this true even if you don't write through those old mappings?
> > 
> > I think it happened for reads too.  It is a little counter intuitive
> > because in theory the CPU doesn't need to write back non dirty lines,
> > but in the one case which took so long to debug exactly this happened
> > somehow.
> 
> The problem exist also on ppc, and afaik, is due to the line being in
> the cache at all (either dirty (write) or not (read)), thus causing the
> snoop logic to hit, that is what's causing the problem vs. non cached
> accesses.

That makes sense. Snoop can effectively turn a read into a write.

> Also, on some processors, the simple fact of having the page mapped can
> cause the CPU to prefetch from it even if it's not actually accessed
> (speculative prefetch can cross page boundaries if things are mapped).

Exactly that happens on x86. Normally prefetches stop on TLB miss,
but the CPU can do speculative TLB fetches too.

Also even without any prefetching the CPU does speculative execution
and that can lead to random addresses being followed.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ