lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAD=FV=WCu7o41iyn27vNBWo4f_X_XVy+PPPjBKc+70g5jd5+8w@mail.gmail.com>
Date:   Thu, 9 Jul 2020 12:42:57 -0700
From:   Doug Anderson <dianders@...omium.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Abhishek Bhardwaj <abhishekbh@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Anthony Steinhauser <asteinhauser@...gle.com>,
        Borislav Petkov <bp@...en8.de>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Mark Gross <mgross@...ux.intel.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Waiman Long <longman@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>, kvm@...r.kernel.org,
        x86 <x86@...nel.org>
Subject: Re: [PATCH v5] x86/speculation/l1tf: Add KConfig for setting the L1D
 cache flush mode

Hi,

On Thu, Jul 9, 2020 at 3:51 AM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> Abhishek Bhardwaj <abhishekbh@...gle.com> writes:
> > This change adds a new kernel configuration that sets the l1d cache
> > flush setting at compile time rather than at run time.
> >
> > The reasons for this change are as follows -
> >
> >  - Kernel command line arguments are getting unwieldy. These parameters
> >  are not a scalable way to set the kernel config. They're intended as a
> >  super limited way for the bootloader to pass info to the kernel and
> >  also as a way for end users who are not compiling the kernel themselves
> >  to tweak the kernel behavior.
> >
> >  - Also, if a user wants this setting from the start. It's a definite
> >  smell that it deserves to be a compile time thing rather than adding
> >  extra code plus whatever miniscule time at runtime to pass an
> >  extra argument.
> >
> >  - Finally, it doesn't preclude the runtime / kernel command line way.
> >  Users are free to use those as well.
>
> TBH, I don't see why this is a good idea.
>
>  1) I'm not following your argumentation that the command line option is
>     a poor Kconfig replacement. The L1TF mode is a boot time (module
>     load time) decision and the command line parameter is there to
>     override the carefully chosen and sensible default behaviour.

When you say that the default behavior is carefully chosen and
sensible, are you saying that (in your opinion) there would never be a
good reason for someone distributing a kernel to others to change the
default?  Certainly I agree that having the kernel command line
parameter is nice to allow someone to override whatever the person
building the kernel chose, but IMO it's not a good way to change the
default built-in to the kernel.

The current plan (as I understand it) is that we'd like to ship
Chromebook kernels with this option changed from the default that's
there now.  In your opinion, is that a sane thing to do?


>  2) You can add the desired mode to the compiled in (partial) kernel
>     command line today.

This might be easier on x86 than it is on ARM.  ARM (and ARM64)
kernels only have two modes: kernel provides cmdline and bootloader
provides cmdline.  There are out-of-mainline ANDROID patches to
address this but nothing in mainline.

The patch we're discussing now is x86-only so it's not such a huge
deal, but the fact that combining the kernel and bootloader
commandline never landed in mainline for arm/arm64 means that this
isn't a super common/expected thing to do.


>  3) Boot loaders are well capable of handling large kernel command lines
>     and the extra time spend for reading the parameter does not matter
>     at all.

Long command lines can still be a bit of a chore for humans to deal
with.  Many times I've needed to look at "/proc/cmdline" and make
sense of it.  The longer the command line is and the more cruft
stuffed into it the more of a chore it is.  Yes, this is just one
thing to put in the command line, but if 10 different drivers all have
their "one thing" to put there it gets really long.  If 100 different
drivers all want their one config option there it gets really really
long.  IMO the command line should be a last resort place to put
things and should just contain:

1. Legacy things that _have_ to be in the command line because they've
always been there.

2. Things that the bootloader/BIOS needs to communicate to the kernel
and has no better way to communicate.

3. Cases where the person running the kernel needs to override a
default set by the person compiling the kernel.


>  4) It's just a tiny part of the whole speculation maze. If we go there
>     for L1TF then we open the flood gates for a gazillion other config
>     options.

It seems like the only options that we'd need CONFIG option for would
be the ones where it would be sane to change the default compiled into
the kernel.  Hopefully that's not too many things?


>  5) It's completely useless for distro kernels.
>
>  6) The implementation is horrible. We have proper choice selectors
>     which allow to add parseable information instead of random numbers
>     and a help text.

If my other arguments make sense and Abhishek could just fix #6, would
that work?


Obviously, like many design choices, the above is all subjective.
It's really your call and if these arguments don't convince you it
sounds like the way forward is just to use "CONFIG_CMDLINE" and take
advantage of the fact that on x86 this will get merged with the
bootloader's command line.


-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ