lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <A0C398D5-30CF-473E-9D08-64A038633F66@amacapital.net>
Date:   Tue, 9 Jan 2018 17:39:04 -0800
From:   Andy Lutomirski <luto@...capital.net>
To:     Andi Kleen <andi@...stfloor.org>
Cc:     tglx@...utronix.de, x86@...nel.org, linux-kernel@...r.kernel.org,
        torvalds@...ux-foundation.org, dwmw@...zon.co.uk, pjt@...gle.com,
        luto@...nel.org, peterz@...radead.org, thomas.lendacky@....com,
        tim.c.chen@...ux.intel.com, gregkh@...ux-foundation.org,
        dave.hansen@...el.com, jikos@...nel.org
Subject: Re: x86/clearregs: Register sanitizing at kernel entry for speculation hygiene



On Jan 9, 2018, at 5:34 PM, Andi Kleen <andi@...stfloor.org> wrote:

>> I don't like this at all.  Once upon a time, Linux syscalls were supposed to be fast.  Then we learned about the Meltdown screwup, so we mostly fixed it for real upstream and the distroa seriously half-arsed their own fixes [1].  This came with a big performance cost, but it can be turned off on non-busted hardware.  So be it.
> 
> That's true, but modern CPUs are also a lot faster/wider than the K8
> the fast path was originally designed for. A modern CPU can go through
> these instructions really fast with a very high IPC because they don't have
> dependencies or stalls.
> 
> So it shouldn't hurt very much.
> 
> Also in fact when the fast path was originally written the ABI still had a
> different caller/callee split which made it more better. Later on
> it already lost some of its benefits and was less of a win.
> 
>> But now we're proposing to throw out the whole fast path because it might make it a bit harder to do the most obvious attack.  Not very hard, mind you, but a little bit harder.  And there's no off switch for less-leaky hardware.  No thanks.
> 
> Well the off switch is a fast CPU.

When I rewrote the fast path, I did it on SNB.  Not much has changed.

This patch should come with benchmarks (with PTI off).

And Intel needs to come up with real fixes for this stuff.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ