lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCETrXzdAUVV76KDJUKyk-3CMFoUteMYCHTjB+mXZeFzRoGog@mail.gmail.com>
Date:   Sat, 3 Dec 2016 09:05:39 -0800
From:   Andy Lutomirski <luto@...capital.net>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Andy Lutomirski <luto@...nel.org>, Peter Anvin <hpa@...or.com>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Brian Gerst <brgerst@...il.com>,
        Matthew Whitehead <tedheadster@...il.com>,
        Henrique de Moraes Holschuh <hmh@....eng.br>,
        Peter Zijlstra <peterz@...radead.org>,
        Andrew Cooper <andrew.cooper3@...rix.com>
Subject: Re: [PATCH] x86/alternatives: Do not use sync_core() to serialize I$

On Sat, Dec 3, 2016 at 7:02 AM, Borislav Petkov <bp@...en8.de> wrote:
> On Fri, Dec 02, 2016 at 08:28:44PM +0100, Borislav Petkov wrote:
>> Ah, it is called only from apply_alternatives() but sure, it is safer
>> this way. Lemme do that and run it through the boxes to see whether
>> anything catches fire.
>
> Looks good, ran it on a bunch of machines, two of them huge AMD and
> Intel, 8-socket monsters.
>
> Here is a version with a commit message:
>
> ---
> From: Borislav Petkov <bp@...e.de>
> Date: Fri, 2 Dec 2016 23:18:51 +0100
> Subject: [PATCH] x86/alternatives: Do not use sync_core() to serialize I$
>
> We use sync_core() in the alternatives code to stop speculative
> execution of prefetched instructions because we are potentially changing
> them and don't want to execute stale bytes.
>
> What it does on most machines is call CPUID which is a serializing
> instruction. And that's expensive.
>
> However, the instruction cache is serialized when we're on the local CPU
> and are changing the data through the same virtual address. So then, we
> don't need the serializing CPUID but a simple control flow change. Last
> being accomplished with a CALL/RET which the noinline causes.
>
> So let's try it.

I like it.

Reviewed-by: Andy Lutomirski <luto@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ