Message-ID: <20251124193126.sdmrhk6dw4jgf5ql@desk>
Date: Mon, 24 Nov 2025 11:31:26 -0800
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: david laight <david.laight@...box.com>
Cc: Dave Hansen <dave.hansen@...el.com>,
	Nikolay Borisov <nik.borisov@...e.com>, x86@...nel.org,
	David Kaplan <david.kaplan@....com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Sean Christopherson <seanjc@...gle.com>,
	Paolo Bonzini <pbonzini@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
	Asit Mallick <asit.k.mallick@...el.com>,
	Tao Zhang <tao1.zhang@...el.com>,
	Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v4 04/11] x86/bhi: Make clear_bhb_loop() effective on newer CPUs

On Sat, Nov 22, 2025 at 11:05:58AM +0000, david laight wrote:
> On Fri, 21 Nov 2025 13:26:27 -0800
> Pawan Gupta <pawan.kumar.gupta@...ux.intel.com> wrote:
> 
> > On Fri, Nov 21, 2025 at 10:42:24AM -0800, Dave Hansen wrote:
> > > On 11/21/25 10:16, Pawan Gupta wrote:  
> > > > On Fri, Nov 21, 2025 at 08:50:17AM -0800, Dave Hansen wrote:  
> > > >> On 11/21/25 08:45, Nikolay Borisov wrote:  
> > > >>> OTOH: the global variable approach seems saner as in the macro you'd
> > > >>> have direct reference to them and so it will be more obvious how things
> > > >>> are setup.  
> > > >>
> > > >> Oh, yeah, duh. You don't need to pass the variables in registers. They
> > > >> could just be read directly.  
> > > > 
> > > > IIUC, global variables would introduce extra memory loads that may slow
> > > > things down. I will try to measure their impact. I think those global
> > > > variables should be in the .entry.text section to play well with PTI.  
> > > 
> > > Really? I didn't look exhaustively, but CLEAR_BRANCH_HISTORY seems to
> > > get called pretty close to where the assembly jumps into C. Long after
> > > we're running on the kernel CR3.  
> > 
> > You are right. PTI is not a concern here.
> > 
> > > > Also I was preferring constants because load values from global variables
> > > > may also be subject to speculation. Although any speculation should be
> > > > corrected before an indirect branch is executed because of the LFENCE after
> > > > the sequence.  
> > > 
> > > I guess that's a theoretical problem, but it's not a practical one.  
> > 
> > Probably yes. But, load from memory would certainly be slower compared to
> > immediates.
> > 
> > > So I think we have 4-ish options at this point:
> > > 
> > > 1. Generate the long and short sequences independently and in their
> > >    entirety and ALTERNATIVE between them (the original patch)
> > > 2. Store the inner/outer loop counts in registers and:
> > >   2a. Load those registers from variables
> > >   2b. Load them from ALTERNATIVES  
> > 
> > Both of these look to be good options to me.
> > 
> > 2b. would be my first preference, because it keeps the loop counts as
> > inline constants. The resulting sequence stays the same as it is today.
> > 
> > > 3. Store the inner/outer loop counts in variables in memory  
> > 
> > I could be wrong, but this will likely have non-zero impact on performance.
> > I am afraid to cause any regressions in BHI mitigation. That is why I
> > preferred the least invasive approach in my previous attempts.
> 
> Surely it won't be significant compared to the cost of the loop itself.
> That is the bit that really kills performance.

Correct, recent data suggests the same.

> For subtle reasons one of the mitigations that slows kernel entry caused
> a doubling of the execution time of a largely single-threaded task that
> spends almost all its time in userspace!
> (I thought I'd disabled it at compile time - but the config option
> changed underneath me...)

That is surprising. If it's okay, could you please share more details about
this application? Or any other way I can reproduce this?
