| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2017 14:54:46 -0800
From: Andy Lutomirski <luto@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Dave Hansen <dave.hansen@...el.com>,
Borislav Petkov <bpetkov@...e.de>,
Greg KH <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...gle.com>,
Hugh Dickins <hughd@...gle.com>,
Brian Gerst <brgerst@...il.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Denys Vlasenko <dvlasenk@...hat.com>,
Rik van Riel <riel@...hat.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Juergen Gross <jgross@...e.com>,
David Laight <David.Laight@...lab.com>,
Eduardo Valentin <eduval@...zon.com>, aliguori@...zon.com,
Will Deacon <will.deacon@....com>,
Daniel Gruss <daniel.gruss@...k.tugraz.at>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Ingo Molnar <mingo@...nel.org>, michael.schwarz@...k.tugraz.at,
Borislav Petkov <bp@...en8.de>, moritz.lipp@...k.tugraz.at,
richard.fellner@...dent.tugraz.at, Andrew Banman <abanman@....com>,
mike.travis@....com
Subject: Re: [patch 51/60] x86/mm: Allow flushing for future ASID switches
On Mon, Dec 4, 2017 at 2:47 PM, Peter Zijlstra <peterz@...radead.org> wrote:
> On Mon, Dec 04, 2017 at 02:22:54PM -0800, Andy Lutomirski wrote:
>
>> > +static inline void invalidate_pcid_other(void)
>> > +{
>> > + /*
>> > + * With global pages, all of the shared kenel page tables
>> > + * are set as _PAGE_GLOBAL. We have no shared nonglobals
>> > + * and nothing to do here.
>> > + */
>> > + if (!static_cpu_has_bug(X86_BUG_CPU_SECURE_MODE_KPTI))
>> > + return;
>>
>> I think I'd be more comfortable if this check were in the caller, not
>> here. Shouldn't a function called invalidate_pcid_other() do what the
>> name says?
>
> Yeah, you're probably right. The thing is course that we only ever need
> that operation for kpti (as of now). But me renaming this stuff made
> this problem :/
>
>> > + this_cpu_write(cpu_tlbstate.invalidate_other, true);
>>
>> Why do we need this extra variable instead of just looping over all
>> other ASIDs and invalidating them? It would be something like:
>>
>> for (i = 1; i < TLB_NR_DYN_ASIDS; i++) {
>> if (i != this_cpu_read(cpu_tlbstate.loaded_mm_asid))
>> this_cpu_write(cpu_tlbstate.ctxs[i].ctx_id, 0);
>> }
>>
>> modulo epic whitespace damage and possible typos.
>
> I think the point is that we can do many invalidate_other's before we
> ever do a switch_mm(). The above would be more expensive.
>
> Not sure it would matter in practise though.
>
>> > static inline void __flush_tlb_one(unsigned long addr)
>> > {
>> > count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
>> > __flush_tlb_single(addr);
>> > + /*
>> > + * Invalidate other address spaces inaccessible to single-page
>> > + * invalidation:
>> > + */
>>
>> Ugh. If I'm reading this right, __flush_tlb_single() means "flush one
>> user address" and __flush_tlb_one() means "flush one kernel address".
>
> That would make sense, woulnd't it? :-) But afaict the __flush_tlb_one()
> user in tlb_uv.c is in fact for userspace and should be
> __flush_tlb_single().
>
> Andrew, Mike, can either of you shed light on what exactly you need
> invalidated there?
>
>> That's, um, not exactly obvious. Could this be at least commented
>> better?
>
> As is __flush_tlb_single() does user and __flush_tlb_one() does
> user+kernel.
Yep. A one-liner above the function to that effect would make it
*way* clearer what's going on.
Powered by blists - more mailing lists