lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <cover.1532463771.git.reinette.chatre@intel.com>
Date:   Tue, 24 Jul 2018 13:40:11 -0700
From:   Reinette Chatre <reinette.chatre@...el.com>
To:     tglx@...utronix.de, fenghua.yu@...el.com, tony.luck@...el.com,
        vikas.shivappa@...ux.intel.com
Cc:     gavin.hindman@...el.com, jithu.joseph@...el.com,
        dave.hansen@...el.com, mingo@...hat.com, hpa@...or.com,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Reinette Chatre <reinette.chatre@...el.com>
Subject: [RFC PATCH 0/7] x86/intel_rdt: Restoration of Cache Pseudo-Locked regions

Dear Maintainers,

A Cache Pseudo-Locked region is vulnerable to certain instructions (INVD,
WBINVD, CLFLUSH) or deeper C-states (that could shrink or power off the
cache) evicting the pseudo-locked memory. The current support for
pseudo-locked regions already restrict deeper C-states on cores associated
with the pseudo-locked regions, but the vulnerability to some instructions
remain.

This work does not prevent the instructions to which Cache Pseudo-Locked
regions are vulnerable, instead, this work support the restoration of
Cache Pseudo-Locked regions that can be triggered manually by the user
or automatically after the WBINVD instruction has been issued.

A new debugfs file "pseudo_lock_restore" is associated with each
pseudo-locked region and can be used to manually trigger the memory
associated with the region to be pseudo-locked to cache again.

The system-wide "native_wbinvd()" is modified to trigger the restoration of
all Cache Pseudo-Locked regions after the WBINVD instruction returns and
effort is made to avoid any unnecessary work in this flow.

Within the kernel two locations with direct invocations of the WBINVD
instruction are coverted to native_wbinvd() and compile tested. Neither
location is likely to be used on the platforms supporting Cache Pseudo-Locking.

I am sending this as RFC to maintainers of core first to obtain feedback on
the approach before including the maintainers of other subsystems changed.

Your feedback on this proposal would be greatly appreciated.

Reinette

Reinette Chatre (7):
  x86/intel_rdt: Expose useful functions to all RDT code
  x86/intel_rdt: Enable a pseudo-locked region to be restored
  x86/intel_rdt: Enable user to trigger pseudo-locked region restore
  x86/intel_rdt: Support restore of all pseudo-locked regions
  x86/intel_rdt: Trigger pseudo-lock restore after wbinvd call
  mtd: replace direct wbinvd invoke with kernel api
  video: fbdev: i810: replace direct wbinvd invoke with kernel api

 Documentation/x86/intel_rdt_ui.txt          |  18 +-
 arch/x86/include/asm/special_insns.h        |  13 +-
 arch/x86/kernel/cpu/intel_rdt.h             |   2 +
 arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 198 +++++++++++++++++++-
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c    |   4 +-
 drivers/mtd/maps/nettel.c                   |   6 +-
 drivers/video/fbdev/i810/i810_main.h        |   2 +-
 7 files changed, 229 insertions(+), 14 deletions(-)

-- 
2.17.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ