| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171204224757.GC20227@worktop.programming.kicks-ass.net>
Date: Mon, 4 Dec 2017 23:47:57 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Andy Lutomirski <luto@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Dave Hansen <dave.hansen@...el.com>,
Borislav Petkov <bpetkov@...e.de>,
Greg KH <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...gle.com>,
Hugh Dickins <hughd@...gle.com>,
Brian Gerst <brgerst@...il.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Denys Vlasenko <dvlasenk@...hat.com>,
Rik van Riel <riel@...hat.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Juergen Gross <jgross@...e.com>,
David Laight <David.Laight@...lab.com>,
Eduardo Valentin <eduval@...zon.com>, aliguori@...zon.com,
Will Deacon <will.deacon@....com>,
Daniel Gruss <daniel.gruss@...k.tugraz.at>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Ingo Molnar <mingo@...nel.org>, michael.schwarz@...k.tugraz.at,
Borislav Petkov <bp@...en8.de>, moritz.lipp@...k.tugraz.at,
richard.fellner@...dent.tugraz.at, abanman@....com,
mike.travis@....com
Subject: Re: [patch 51/60] x86/mm: Allow flushing for future ASID switches
On Mon, Dec 04, 2017 at 02:22:54PM -0800, Andy Lutomirski wrote:
> > +static inline void invalidate_pcid_other(void)
> > +{
> > + /*
> > + * With global pages, all of the shared kenel page tables
> > + * are set as _PAGE_GLOBAL. We have no shared nonglobals
> > + * and nothing to do here.
> > + */
> > + if (!static_cpu_has_bug(X86_BUG_CPU_SECURE_MODE_KPTI))
> > + return;
>
> I think I'd be more comfortable if this check were in the caller, not
> here. Shouldn't a function called invalidate_pcid_other() do what the
> name says?
Yeah, you're probably right. The thing is course that we only ever need
that operation for kpti (as of now). But me renaming this stuff made
this problem :/
> > + this_cpu_write(cpu_tlbstate.invalidate_other, true);
>
> Why do we need this extra variable instead of just looping over all
> other ASIDs and invalidating them? It would be something like:
>
> for (i = 1; i < TLB_NR_DYN_ASIDS; i++) {
> if (i != this_cpu_read(cpu_tlbstate.loaded_mm_asid))
> this_cpu_write(cpu_tlbstate.ctxs[i].ctx_id, 0);
> }
>
> modulo epic whitespace damage and possible typos.
I think the point is that we can do many invalidate_other's before we
ever do a switch_mm(). The above would be more expensive.
Not sure it would matter in practise though.
> > static inline void __flush_tlb_one(unsigned long addr)
> > {
> > count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
> > __flush_tlb_single(addr);
> > + /*
> > + * Invalidate other address spaces inaccessible to single-page
> > + * invalidation:
> > + */
>
> Ugh. If I'm reading this right, __flush_tlb_single() means "flush one
> user address" and __flush_tlb_one() means "flush one kernel address".
That would make sense, woulnd't it? :-) But afaict the __flush_tlb_one()
user in tlb_uv.c is in fact for userspace and should be
__flush_tlb_single().
Andrew, Mike, can either of you shed light on what exactly you need
invalidated there?
> That's, um, not exactly obvious. Could this be at least commented
> better?
As is __flush_tlb_single() does user and __flush_tlb_one() does
user+kernel.
Powered by blists - more mailing lists