lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180207124935.46406c60@mschwideX1>
Date:   Wed, 7 Feb 2018 12:49:35 +0100
From:   Martin Schwidefsky <schwidefsky@...ibm.com>
To:     Pavel Machek <pavel@....cz>
Cc:     linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
        Heiko Carstens <heiko.carstens@...ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Cornelia Huck <cohuck@...hat.com>,
        David Hildenbrand <david@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jon Masters <jcm@...hat.com>,
        Marcus Meissner <meissner@...e.de>,
        Jiri Kosina <jkosina@...e.cz>,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        Alan Cox <gnomes@...rguk.ukuu.org.uk>,
        David Woodhouse <dwmw2@...radead.org>
Subject: Re: [PATCH 4/6] s390: add options to change branch prediction
 behaviour for the kernel

On Wed, 7 Feb 2018 11:02:52 +0100
Pavel Machek <pavel@....cz> wrote:

> On Wed 2018-02-07 08:00:09, Martin Schwidefsky wrote:
> > Add the PPA instruction to the system entry and exit path to switch
> > the kernel to a different branch prediction behaviour. The instructions
> > are added via CPU alternatives and can be disabled with the "nospec"
> > or the "nobp=0" kernel parameter. If the default behaviour selected
> > with CONFIG_KERNEL_NOBP is set to "n" then the "nobp=1" parameter can be
> > used to enable the changed kernel branch prediction.
> > 
> > Acked-by: Cornelia Huck <cohuck@...hat.com>
> > Signed-off-by: Martin Schwidefsky <schwidefsky@...ibm.com>
> > ---
> >  arch/s390/Kconfig                 | 17 ++++++++++++++
> >  arch/s390/include/asm/processor.h |  1 +
> >  arch/s390/kernel/alternative.c    | 23 +++++++++++++++++++
> >  arch/s390/kernel/early.c          |  2 ++
> >  arch/s390/kernel/entry.S          | 48 +++++++++++++++++++++++++++++++++++++++
> >  arch/s390/kernel/ipl.c            |  1 +
> >  arch/s390/kernel/smp.c            |  2 ++
> >  7 files changed, 94 insertions(+)
> > 
> > diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> > index 0105ce2..d514e25 100644
> > --- a/arch/s390/Kconfig
> > +++ b/arch/s390/Kconfig
> > @@ -540,6 +540,23 @@ config ARCH_RANDOM
> >  
> >  	  If unsure, say Y.
> >  
> > +config KERNEL_NOBP
> > +	def_bool n
> > +	prompt "Enable modified branch prediction for the kernel by default"
> > +	help
> > +	  If this option is selected the kernel will switch to a modified
> > +	  branch prediction mode if the firmware interface is available.
> > +	  The modified branch prediction mode improves the behaviour in
> > +	  regard to speculative execution.
> > +
> > +	  With the option enabled the kernel parameter "nobp=0" or "nospec"
> > +	  can be used to run the kernel in the normal branch prediction mode.
> > +
> > +	  With the option disabled the modified branch prediction mode is
> > +	  enabled with the "nobp=1" kernel parameter.
> > +
> > +	  If unsure, say N.
> > +  
> 
> This could use some improvement.
> 
> Afaict the config option only changes the default behaviour? Do we
> need the option in such case? (CONFIG_CMDLINE_APPEND can be useful to
> avoid some options).

# git grep CMDLINE_APPEND

returns nothing. What are you referring to?

The idea of this config option is that a distributor can decide what
default behaviour the system should have if no command line parameter
is specified.
 
> Plus, it is not clear what "modified branch prediction mode is" and if
> "improves behaviour" means "faster" or "safer".

Naturally "improves behaviour in regard to speculative execution" is
indicating that the system is safer. In general that means slower as well
but as always it depends. What exactly is done is up to the machine.

-- 
blue skies,
   Martin.

"Reality continues to ruin my life." - Calvin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ