| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2020 18:10:57 +1100
From: Balbir Singh <sblbir@...zon.com>
To: <linux-kernel@...r.kernel.org>, <tglx@...utronix.de>
CC: <tony.luck@...el.com>, <keescook@...omium.org>, <x86@...nel.org>,
<benh@...nel.crashing.org>, <dave.hansen@...el.com>,
Balbir Singh <sblbir@...zon.com>
Subject: [RFC PATCH v2 0/4] arch/x86: Optionally flush L1D on context switch
This patch is a continuation of RFC/PoC to start the discussion on optionally
flushing L1D cache. The goal is to allow tasks that are paranoid due to the
recent snoop assisted data sampling vulnerabilites, to flush their L1D on being
switched out. This protects their data from being snooped or leaked via
side channels after the task has context switched out.
The points of discussion/review are (with updates):
1. Discuss the use case and the right approach to address this
A. Generally there seems to be consensus that we need this
2. Does an arch prctl allowing for opt-in flushing make sense, would other
arches care about something similar?
A. We definitely build this for x86, have not heard from any other arch
maintainers. There was suggestion to make this a prctl and let each
arch implement L1D flushing if needed, there is no arch agnostic
software L1D flush.
3. There is a fallback software L1D load, similar to what L1TF does, but
we don't prefetch the TLB, is that sufficient?
A. There was no conclusion, I suspect we don't need this
4. Should we consider cleaning up the L1D on arrival of tasks?
A. For now, we think this case is not the priority for this patchset.
In summary, this is an early PoC to start the discussion on the need for
conditional L1D flushing based on the security posture of the
application and the sensitivity of the data it has access to or might
have access to.
Changelog v2:
- Reuse existing code for allocation and flush
- Simplify the goto logic in the actual l1d_flush function
- Optimize the code path with jump labels/static functions
Cc: keescook@...omium.org
Balbir Singh (4):
arch/x86/kvm: Refactor l1d flush lifecycle management
arch/x86: Refactor tlbflush and l1d flush
arch/x86: Optionally flush L1D on context switch
arch/x86: L1D flush, optimize the context switch
arch/x86/include/asm/cacheflush.h | 6 ++
arch/x86/include/asm/nospec-branch.h | 2 +
arch/x86/include/asm/thread_info.h | 4 ++
arch/x86/include/asm/tlbflush.h | 6 ++
arch/x86/include/uapi/asm/prctl.h | 3 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/l1d_flush.c | 85 ++++++++++++++++++++++++++++
arch/x86/kernel/process_64.c | 10 +++-
arch/x86/kvm/vmx/vmx.c | 56 +++---------------
arch/x86/mm/tlb.c | 85 ++++++++++++++++++++++++++++
10 files changed, 209 insertions(+), 49 deletions(-)
create mode 100644 arch/x86/kernel/l1d_flush.c
--
2.17.1
Powered by blists - more mailing lists