| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3609a852-1477-a5b2-3858-c2cbfb3999a9@amd.com>
Date: Thu, 20 Sep 2018 21:38:59 +0000
From: "Lendacky, Thomas" <Thomas.Lendacky@....com>
To: Tim Chen <tim.c.chen@...ux.intel.com>,
Jiri Kosina <jikos@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
CC: Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH 0/2] Provide options to enable spectre_v2
userspace-userspace protection
On 09/19/2018 04:35 PM, Tim Chen wrote:
> This patchset provides an option to apply IBPB and STIBP mitigation
> to only non-dumpable processes.
>
> Jiri's patch to harden spectre_v2 makes IBPB and STIBP available for
> general spectre v2 app to app mitigation. IBPB will be issued for
> switching to an app that's not ptraceable by the previous
> app and STIBP will be always turned on.
>
> However, leaving STIBP on all the time is expensive for certain
> applications that have frequent indirect branches. One such application
> is perlbench in the SpecInt Rate 2006 test suite which shows a
> 21% reduction in throughput. Other application like bzip2 in
> the same test suite with minimal indirct branches have
> only a 0.7% reduction in throughput. IBPB will also impose
> overhead during context switches.
>
> App to app exploit is in general difficult
> due to address space layout randomization in apps and
> the need to know an app's address space layout ahead of time.
> Users may not wish to incur app to app performance
> overhead from IBPB and STIBP for general non security sensitive apps
> and use these mitigations only for non-dumpable apps.
>
> The first patch provides a lite option for spectre_v2 app to app
> mitigation where IBPB is only issued for security sensitive
> non-dumpable app. The second patch extends this option
> where STIBP is only issued for non-dumpable app.
>
> The changes apply to intel cpus affected by spectre_v2. Tom,
> can you update the STIBP changes for AMD cpus on
> __speculative_store_bypass_update and x86_virt_spec_ctrl
> to update the SPEC_CTRL msr for AMD cpu?
Hi Tim,
Let me think about this a bit, since it can get a bit tricky if
I want to avoid multiple MSR writes when only one may have been
needed (assuming SSBD is not using the SPEC_CTRL MSR).
Thanks,
Tom
>
> Thanks.
>
> Tim
>
> Tim Chen (2):
> x86/speculation: Option to select app to app mitigation for spectre_v2
> x86/speculation: Provide application property based STIBP protection
>
> Documentation/admin-guide/kernel-parameters.txt | 11 +++
> arch/x86/include/asm/msr-index.h | 3 +-
> arch/x86/include/asm/nospec-branch.h | 9 ++
> arch/x86/include/asm/spec-ctrl.h | 12 +++
> arch/x86/include/asm/thread_info.h | 4 +-
> arch/x86/kernel/cpu/bugs.c | 105 ++++++++++++++++++++++--
> arch/x86/kernel/process.c | 9 +-
> arch/x86/mm/tlb.c | 41 ++++++++-
> 8 files changed, 179 insertions(+), 15 deletions(-)
>
Powered by blists - more mailing lists