lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 12 Nov 2014 15:38:03 -0800
From:	Andy Lutomirski <luto@...capital.net>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Valdis Kletnieks <Valdis.Kletnieks@...edu>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Paul Mackerras <paulus@...ba.org>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Ingo Molnar <mingo@...hat.com>,
	Kees Cook <keescook@...omium.org>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Vince Weaver <vince@...ter.net>,
	"hillf.zj" <hillf.zj@...baba-inc.com>,
	Andy Lutomirski <luto@...capital.net>
Subject: Re: [PATCH v2 0/8] CR4 handling improvements

On Fri, Oct 24, 2014 at 3:58 PM, Andy Lutomirski <luto@...capital.net> wrote:
> This little series tightens up rdpmc permissions.  With it applied,
> rdpmc can only be used if a perf_event is actually mmapped.  For now,
> this is only really useful for seccomp.
>
> At some point this could be further tightened up to only allow rdpmc
> if an actual self-monitoring perf event that is compatible with
> rdpmc is mapped.
>
> This should add <50ns to context switches between rdpmc-capable and
> rdpmc-non-capable mms.  I suspect that this is well under 10%
> overhead, given that perf already adds some context switch latency.
>
> I think that patches 1-3 are a good idea regardless of any rdpmc changes.
>
> AMD Uncore userspace rdpmc is broken by these patches (cap_user_rdpmc
> will be zero), but it was broken anyway.
>
> Changes from v1 (aka RFC):
>  - Rebased on top of the KVM CR4 fix.  This applies to a very recent -linus.
>  - Renamed the cr4 helpers (Peter, Borislav)
>  - Fixed buggy cr4 helpers (Hilf)
>  - Improved lots of comments (everyone)
>  - Renamed read_cr4 and write_cr4 to make sure I didn't miss anything.
>    (NB: This will introduce conflicts with Andi's FSGSBASE work.  This is
>     a good thing.)
>
> Andy Lutomirski (7):
>   x86: Clean up cr4 manipulation
>   x86: Store a per-cpu shadow copy of CR4
>   x86: Add a comment clarifying LDT context switching
>   perf: Add pmu callbacks to track event mapping and unmapping
>   perf: Pass the event to arch_perf_update_userpage
>   x86, perf: Only allow rdpmc if a perf_event is mapped
>   x86, perf: Add /sys/devices/cpu/rdpmc=2 to allow rdpmc for all tasks
>
> Peter Zijlstra (1):
>   perf: Clean up pmu::event_idx
>


What's the status of these?  I think that "perf: Clean up
pmu::event_idx" and "x86: Add a comment clarifying LDT context
switching" are in -tip, the two cr4 cleanups ("x86: Clean up cr4
manipulation" and "x86: Store a per-cpu shadow copy of CR4") are
reviewed but will conflict with Andi's fsgsbase work, and the rest are
waiting for review.

Thanks,
Andy


>  arch/powerpc/perf/hv-24x7.c          |  6 ---
>  arch/powerpc/perf/hv-gpci.c          |  6 ---
>  arch/s390/kernel/perf_cpum_sf.c      |  6 ---
>  arch/x86/include/asm/mmu.h           |  2 +
>  arch/x86/include/asm/mmu_context.h   | 32 ++++++++++++++-
>  arch/x86/include/asm/paravirt.h      |  6 +--
>  arch/x86/include/asm/processor.h     | 33 ----------------
>  arch/x86/include/asm/special_insns.h |  6 +--
>  arch/x86/include/asm/tlbflush.h      | 77 ++++++++++++++++++++++++++++++++----
>  arch/x86/include/asm/virtext.h       |  5 ++-
>  arch/x86/kernel/acpi/sleep.c         |  2 +-
>  arch/x86/kernel/cpu/common.c         | 17 +++++---
>  arch/x86/kernel/cpu/mcheck/mce.c     |  3 +-
>  arch/x86/kernel/cpu/mcheck/p5.c      |  3 +-
>  arch/x86/kernel/cpu/mcheck/winchip.c |  3 +-
>  arch/x86/kernel/cpu/mtrr/cyrix.c     |  6 +--
>  arch/x86/kernel/cpu/mtrr/generic.c   |  6 +--
>  arch/x86/kernel/cpu/perf_event.c     | 76 ++++++++++++++++++++++++++---------
>  arch/x86/kernel/cpu/perf_event.h     |  2 +
>  arch/x86/kernel/head32.c             |  1 +
>  arch/x86/kernel/head64.c             |  2 +
>  arch/x86/kernel/i387.c               |  3 +-
>  arch/x86/kernel/process.c            |  5 ++-
>  arch/x86/kernel/process_32.c         |  2 +-
>  arch/x86/kernel/process_64.c         |  2 +-
>  arch/x86/kernel/setup.c              |  2 +-
>  arch/x86/kernel/xsave.c              |  3 +-
>  arch/x86/kvm/svm.c                   |  2 +-
>  arch/x86/kvm/vmx.c                   | 10 ++---
>  arch/x86/mm/fault.c                  |  2 +-
>  arch/x86/mm/init.c                   | 12 +++++-
>  arch/x86/mm/tlb.c                    |  3 --
>  arch/x86/power/cpu.c                 | 11 ++----
>  arch/x86/realmode/init.c             |  2 +-
>  arch/x86/xen/enlighten.c             |  4 +-
>  drivers/lguest/x86/core.c            |  4 +-
>  include/linux/perf_event.h           |  7 ++++
>  kernel/events/core.c                 | 29 ++++++--------
>  kernel/events/hw_breakpoint.c        |  7 ----
>  39 files changed, 256 insertions(+), 154 deletions(-)
>
> --
> 1.9.3
>



-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ