lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Aug 2018 13:45:18 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: Reinette Chatre <reinette.chatre@...el.com> cc: fenghua.yu@...el.com, Tony Luck <tony.luck@...el.com>, vikas.shivappa@...ux.intel.com, gavin.hindman@...el.com, jithu.joseph@...el.com, dave.hansen@...el.com, mingo@...hat.com, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, LKML <linux-kernel@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org> Subject: Re: [RFC PATCH 0/7] x86/intel_rdt: Restoration of Cache Pseudo-Locked regions On Tue, 24 Jul 2018, Reinette Chatre wrote: > Dear Maintainers, > > A Cache Pseudo-Locked region is vulnerable to certain instructions (INVD, > WBINVD, CLFLUSH) or deeper C-states (that could shrink or power off the > cache) evicting the pseudo-locked memory. The current support for > pseudo-locked regions already restrict deeper C-states on cores associated > with the pseudo-locked regions, but the vulnerability to some instructions > remain. > > This work does not prevent the instructions to which Cache Pseudo-Locked > regions are vulnerable, instead, this work support the restoration of > Cache Pseudo-Locked regions that can be triggered manually by the user > or automatically after the WBINVD instruction has been issued. > > A new debugfs file "pseudo_lock_restore" is associated with each > pseudo-locked region and can be used to manually trigger the memory > associated with the region to be pseudo-locked to cache again. I'm not seeing how that should be used. What's the indication for an operator to write to that file? > The system-wide "native_wbinvd()" is modified to trigger the restoration of > all Cache Pseudo-Locked regions after the WBINVD instruction returns and > effort is made to avoid any unnecessary work in this flow. > > Within the kernel two locations with direct invocations of the WBINVD > instruction are coverted to native_wbinvd() and compile tested. Neither > location is likely to be used on the platforms supporting Cache Pseudo-Locking. Can we just get rid of WBINVD? Thanks, tglx
Powered by blists - more mailing lists