lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 18 Oct 2019 20:09:02 +0000
From:   Jayachandran Chandrasekharan Nair <jnair@...vell.com>
To:     Will Deacon <will@...nel.org>
CC:     "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "catalin.marinas@....com" <catalin.marinas@....com>,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
        Linux ARM Kernel Mailing List 
        <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [GIT PULL] arm64: Fixes for -rc4

On Fri, Oct 18, 2019 at 12:43:49AM +0100, Will Deacon wrote:
> Hi Linus,
> 
> Please pull these arm64 fixes for -rc4. The main thing here is a
> long-awaited workaround for a CPU erratum on ThunderX2 which we have
> developed in conjunction with engineers from Cavium/Marvell. At the moment,
> the workaround is unconditionally enabled for affected CPUs at runtime
> but we may add a command-line option to disable it in future if performance
> numbers show up indicating a significant cost for real workloads.

As the Cavium/Marvell engineer who was involved in this, I will note
that I had suggested a patch providing a runtime override[1] while
providing safe defaults.

Marc's patchset adds a trap to hypervisor in the system call path when
KPTI is enabled, and KPTI is generally enabled on stock VM images. So
normal users will see some performance regression (e.g I see something
in the range of 3-4% on guest kernel compile).

As a policy, I don't agree with having errata workarounds that can be
left to the discretion of the admin to be forced at compile time.
Since most of these workarounds use run-time code patching with
alternatives, there is no need to do this at all.

But given that this is already merged and cc:ed to stable, I will see
if I can come up with enough data to convince Will.

JC
[1]
https://lore.kernel.org/linux-arm-kernel/20191011232031.GA29752@dc5-eodlnx05.marvell.com/T/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ