lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <69827bd5-e423-1c90-9833-af0567721243@linux.intel.com>
Date:   Tue, 8 Jan 2019 17:35:47 -0800
From:   Tim Chen <tim.c.chen@...ux.intel.com>
To:     Ben Greear <greearb@...delatech.com>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Jon Masters <jcm@...hat.com>,
        Waiman Long <longman9394@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
        x86@...nel.org, stable@...r.kernel.org
Subject: Re: [PATCH] x86/speculation: Add document to describe Spectre and its
 mitigations

On 1/8/19 4:58 PM, Ben Greear wrote:
> On 1/7/19 9:57 AM, Tim Chen wrote:
>> On 12/31/18 8:22 AM, Ben Greear wrote:
>>>
>>>
>>> On 12/21/2018 05:17 PM, Tim Chen wrote:
>>>>
>>>> If you don't worry about security and performance is paramount, then
>>>> boot with "nospectre_v2".  That's explained in the document.
>>>
>>> There seem to be lots of different variants of this type of problem.  It was not clear
>>> to me that just doing nospectre_v2 would be sufficient to get back full performance.
>>
>> The performance penalty comes from retpoline penalizing indirect branch predictions in kernel.
>> With nospectre_v2, retpoline is disabled so you should get all the performance
>> back from spectre mitigation.
>>
>> This does not disable kernel page table isolation for meltdown mitigation, which also
>> needs to be turned off if you want to get the full performance back.  That's somewhat
>> beyond the scope of this doc on Spectre.
> 
> The two bug families (spectre and meltdown) are conflated in my mind, at least.
> 
> For those of us who do not really understand this stuff in detail, it would
> be good to at least mention some notes about Meltdown I think.

Probably Meltdown deserves its own meltdown.rst, I think.

> 
>>> And anyway, I would like to compile the kernel to not need that command-line option,
>>> so I am still interesting in what compile options need to be set to what values...
>>>
>>
>> If you just want to disable spectre mitigation, setting CONFIG_RETPOLINE=n should do
>> the  trick.  If you also want to disable meltdown mitigation,
>> set CONFIG_PAGE_TABLE_ISOLATION=n.
> 
> Ok, are there any other CONFIG options that relate to fixing security bugs that
> have noticeable performance impacts or are these two the complete list?
> 

There are those related to Speculative Store Bypass Disable (SSBD) and L1 Terminal Fault (L1TF).
SSBD affects mostly sandboxed code so you should not have performance impact unless
you are running code sandboxed with SECCOMP.  L1TF has its own explanation in l1tf.rst and
affects performance mostly of VM.

So you should be good if you turn off retpoline and page table isolation in your config if those things don't affect you.

If we want a single CONFIG to turn all these off, like what Arjan suggested, that will be a separate
topic and discussions.


Tim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ