lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 3 Aug 2018 13:45:18 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Reinette Chatre <reinette.chatre@...el.com>
cc:     fenghua.yu@...el.com, Tony Luck <tony.luck@...el.com>,
        vikas.shivappa@...ux.intel.com, gavin.hindman@...el.com,
        jithu.joseph@...el.com, dave.hansen@...el.com, mingo@...hat.com,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>
Subject: Re: [RFC PATCH 0/7] x86/intel_rdt: Restoration of Cache Pseudo-Locked
 regions

On Tue, 24 Jul 2018, Reinette Chatre wrote:

> Dear Maintainers,
> 
> A Cache Pseudo-Locked region is vulnerable to certain instructions (INVD,
> WBINVD, CLFLUSH) or deeper C-states (that could shrink or power off the
> cache) evicting the pseudo-locked memory. The current support for
> pseudo-locked regions already restrict deeper C-states on cores associated
> with the pseudo-locked regions, but the vulnerability to some instructions
> remain.
> 
> This work does not prevent the instructions to which Cache Pseudo-Locked
> regions are vulnerable, instead, this work support the restoration of
> Cache Pseudo-Locked regions that can be triggered manually by the user
> or automatically after the WBINVD instruction has been issued.
> 
> A new debugfs file "pseudo_lock_restore" is associated with each
> pseudo-locked region and can be used to manually trigger the memory
> associated with the region to be pseudo-locked to cache again.

I'm not seeing how that should be used. What's the indication for an
operator to write to that file?

> The system-wide "native_wbinvd()" is modified to trigger the restoration of
> all Cache Pseudo-Locked regions after the WBINVD instruction returns and
> effort is made to avoid any unnecessary work in this flow.
> 
> Within the kernel two locations with direct invocations of the WBINVD
> instruction are coverted to native_wbinvd() and compile tested. Neither
> location is likely to be used on the platforms supporting Cache Pseudo-Locking.

Can we just get rid of WBINVD?

Thanks,

	tglx

Powered by blists - more mailing lists