| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Feb 2018 12:49:35 +0100
From: Martin Schwidefsky <schwidefsky@...ibm.com>
To: Pavel Machek <pavel@....cz>
Cc: linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
Heiko Carstens <heiko.carstens@...ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
Cornelia Huck <cohuck@...hat.com>,
David Hildenbrand <david@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jon Masters <jcm@...hat.com>,
Marcus Meissner <meissner@...e.de>,
Jiri Kosina <jkosina@...e.cz>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Alan Cox <gnomes@...rguk.ukuu.org.uk>,
David Woodhouse <dwmw2@...radead.org>
Subject: Re: [PATCH 4/6] s390: add options to change branch prediction
behaviour for the kernel
On Wed, 7 Feb 2018 11:02:52 +0100
Pavel Machek <pavel@....cz> wrote:
> On Wed 2018-02-07 08:00:09, Martin Schwidefsky wrote:
> > Add the PPA instruction to the system entry and exit path to switch
> > the kernel to a different branch prediction behaviour. The instructions
> > are added via CPU alternatives and can be disabled with the "nospec"
> > or the "nobp=0" kernel parameter. If the default behaviour selected
> > with CONFIG_KERNEL_NOBP is set to "n" then the "nobp=1" parameter can be
> > used to enable the changed kernel branch prediction.
> >
> > Acked-by: Cornelia Huck <cohuck@...hat.com>
> > Signed-off-by: Martin Schwidefsky <schwidefsky@...ibm.com>
> > ---
> > arch/s390/Kconfig | 17 ++++++++++++++
> > arch/s390/include/asm/processor.h | 1 +
> > arch/s390/kernel/alternative.c | 23 +++++++++++++++++++
> > arch/s390/kernel/early.c | 2 ++
> > arch/s390/kernel/entry.S | 48 +++++++++++++++++++++++++++++++++++++++
> > arch/s390/kernel/ipl.c | 1 +
> > arch/s390/kernel/smp.c | 2 ++
> > 7 files changed, 94 insertions(+)
> >
> > diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> > index 0105ce2..d514e25 100644
> > --- a/arch/s390/Kconfig
> > +++ b/arch/s390/Kconfig
> > @@ -540,6 +540,23 @@ config ARCH_RANDOM
> >
> > If unsure, say Y.
> >
> > +config KERNEL_NOBP
> > + def_bool n
> > + prompt "Enable modified branch prediction for the kernel by default"
> > + help
> > + If this option is selected the kernel will switch to a modified
> > + branch prediction mode if the firmware interface is available.
> > + The modified branch prediction mode improves the behaviour in
> > + regard to speculative execution.
> > +
> > + With the option enabled the kernel parameter "nobp=0" or "nospec"
> > + can be used to run the kernel in the normal branch prediction mode.
> > +
> > + With the option disabled the modified branch prediction mode is
> > + enabled with the "nobp=1" kernel parameter.
> > +
> > + If unsure, say N.
> > +
>
> This could use some improvement.
>
> Afaict the config option only changes the default behaviour? Do we
> need the option in such case? (CONFIG_CMDLINE_APPEND can be useful to
> avoid some options).
# git grep CMDLINE_APPEND
returns nothing. What are you referring to?
The idea of this config option is that a distributor can decide what
default behaviour the system should have if no command line parameter
is specified.
> Plus, it is not clear what "modified branch prediction mode is" and if
> "improves behaviour" means "faster" or "safer".
Naturally "improves behaviour in regard to speculative execution" is
indicating that the system is safer. In general that means slower as well
but as always it depends. What exactly is done is up to the machine.
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
Powered by blists - more mailing lists