lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180110131010.GK9706@redhat.com>
Date:   Wed, 10 Jan 2018 14:10:10 +0100
From:   Andrea Arcangeli <aarcange@...hat.com>
To:     David Woodhouse <dwmw2@...radead.org>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...uxfoundation.org>, x86@...nel.org,
        Borislav Petkov <bp@...en8.de>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Andy Lutomirski <luto@...nel.org>,
        Arjan Van De Ven <arjan.van.de.ven@...el.com>
Subject: Re: [patch RFC 5/5] x86/speculation: Add basic speculation control
 code

On Wed, Jan 10, 2018 at 02:05:51PM +0100, Andrea Arcangeli wrote:
> Also note, the slowdown of setting IBRS varies with older CPUs being

To give a further detail, older CPUs to provide IBRS semantics have to
do something even less finegrined that doesn't just restricts
speculation across IBRS less privileged prediction level, that doesn't
just restrict speculation across indirect branches, that doesn't just
restrict indirect branch prediction, but that shuts down a whole block
of the CPU to achieve those super finegrined theoretical IBRS
semantics that matches future silicon.

IBRS is doing a lot more than what it would be needed because there
was no other way to achieve it on some microcode
implementations. Which is why ibrs_enabled 1 is needed to achieve
better performance as you don't want to run slower while in user mode,
much better to pay the cost of setting IBRS and shutting down that
part of the CPU.

It's still incredibly faster to shutdown part of the CPU temporarily
than to flush its internal state as a whole with IBPB. If it wouldn't
be the case ibrs_enabled 0 ibpb_enabled 2 special mode would perform
better (but that's only enabled by default if SPEC_CTRL is not
available and only IBPB_SUPPORT is).

Thanks,
Andrea

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ