lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5eae565e-758d-f78e-bcde-16a1f278db7e@linux.intel.com>
Date:   Mon, 27 Nov 2017 23:32:59 -0800
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     Andy Lutomirski <luto@...capital.net>,
        Ingo Molnar <mingo@...nel.org>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H . Peter Anvin" <hpa@...or.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 15/24] x86/mm: Allow flushing for future ASID switches

On 11/27/2017 09:16 PM, Andy Lutomirski wrote:
> We need to split up __flush_tlb_one() into __flush_tlb_one() and
> __flush_tlb_one_kernel().  We've gotten away with having a single
> function for both this long because we've never had PCID on and
> nonglobal kernel mappings around.  So we're busted starting with
> "x86/mm/kaiser: Disable global pages by default with KAISER", which
> means that we have a potential corruption issue affecting anyone who
> tries to bisect the series.

There's no way this thing works with CONFIG_KAISER=y in the middle of
the series, that's why the Kconfig patch was stuck at the end.  Is there
breaking without the Kconfig option enabled?

> Then we need to make the kernel variant do something sane (presumably
> just call __flush_tlb_all if we have PCID && !PGE).

Yes, auditing all the callers and figuring out what they're flushing is
a good exercise.

BTW, one reason I've avoided falling back to __flush_tlb_all() in the
"single" invalidate cases is that it hides bugs.  TLB invalidation bugs
are hard enough to find as it stands, but silently turning every "little
hammer" single flush into an implicit "big hammer" full flush shouldn't
be something that we do lightly.

> and, for the user
> variant, we need a straightforward, clean, efficient way to mark a
> given address space on a given CPU as needing a usermode PCID flush
> when its usermode tables are next loaded.  This patch isn't it.

Right now, the kernel and user ASIDs are pretty joined at the hip.  We
always flush them together.  We don't _need_ a mechanism to specifically
mark a user ASID because it doesn't get managed separately.

I assume you want to go this route so that we can eventually separate
out the user and kernel flushing because we can get the kernel flushing
for "free" at context switch time and then the user flushing for "free"
at the return to userspace.

That's all fine and good, but it *is* more complicated than what's there
right now.  Is there something that I'm missing here that it simplifies?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ