[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180315095803.GB27816@pd.tnic>
Date: Thu, 15 Mar 2018 10:58:03 +0100
From: Borislav Petkov <bp@...en8.de>
To: Henrique de Moraes Holschuh <hmh@....eng.br>
Cc: X86 ML <x86@...nel.org>, Emanuel Czirai <xftroxgpx@...tonmail.com>,
Ashok Raj <ashok.raj@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
LKML <linux-kernel@...r.kernel.org>,
Arjan Van De Ven <arjan.van.de.ven@...el.com>
Subject: Re: [PATCH 2/2] x86/microcode: Fix CPU synchronization routine
+ Arjan.
On Thu, Mar 15, 2018 at 01:01:32AM -0300, Henrique de Moraes Holschuh wrote:
> A reasonably well-known paper on intel microcode updates[1] profiled
> that very well, years ago (2013). The information about a linear
> increase in update time versus update size comes from that paper (I did
> not attempt to reproduce his findings, though).
WTF?
If I read this paper correctly:
http://www.inertiawar.com/microcode/
it is injecting faults and attempting to manipulate some size field -
I'm guessing the encrypted data size. And I'm also guessing that if you
manipulate that size, it would simply take a lot longer to attempt to
decrypt and verify that it is broken microcode and reject it. So it is
not actually a real update - it is just taking a lot longer to reject
it.
Now, I'm talking about genuine microcode updates. And that paper also
claims that they take thousands of cycles.
Now let's look at your previous, hm, "statement":
> Intel takes anything from twenty thousand cycles to several *million*
> cycles per core, proportional to microcode update size.
So you took a fault injection measurement out of context to claim that
*regular* microcode updates take millions of cycles.
So you had to say something - doesn't matter if it is apples and oranges
- as long as it is dramatic. Fuck the truth.
> When I measured my Xeon X5550 workstation doing an early update, the
> Xeon took about 1M cycles for the BSP, and 800k cycles for the APs (see
> below).
>
> To measure that, as far as I recall I just did a rdtsc right before the
RDTSC gets executed speculatively, so you need barriers around it. I
hope you added them.
> wrmsr, and another right after, and stashed the result somewhere to be
> able to print it out later in the BSP's case. I repeated the process
> (by rebooting) a few times. There was a *lot* of variation, but not
> enough to get it wrong by an order of magnitude.
>
> I am surprised that this would be news to you, though. It is not like I
> have been quiet about how expensive these updates are on Intel over the
> past years every time I sent you a patch related to this...
Frankly, I don't take you seriously. Even less so after this.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists