Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S942972AbcJ1HHH (ORCPT ); Fri, 28 Oct 2016 03:07:07 -0400 Received: from mail-wm0-f47.google.com ([74.125.82.47]:34853 "EHLO mail-wm0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S938643AbcJ1HHG (ORCPT ); Fri, 28 Oct 2016 03:07:06 -0400 Date: Fri, 28 Oct 2016 09:07:01 +0200 From: Ingo Molnar To: Pavel Machek Cc: Kees Cook , Peter Zijlstra , Arnaldo Carvalho de Melo , kernel list , Ingo Molnar , Alexander Shishkin , "kernel-hardening@lists.openwall.com" Subject: Re: rowhammer protection [was Re: Getting interrupt every million cache misses] Message-ID: <20161028070701.GA11376@gmail.com> References: <20161026204748.GA11177@amd> <20161027082801.GE3568@worktop.programming.kicks-ass.net> <20161027091104.GB19469@amd> <20161027093334.GK3102@twins.programming.kicks-ass.net> <20161027212747.GA18147@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161027212747.GA18147@amd> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1010 Lines: 30 * Pavel Machek wrote: > +static void rh_overflow(struct perf_event *event, struct perf_sample_data *data, struct pt_regs *regs) > +{ > + u64 *ts = this_cpu_ptr(&rh_timestamp); /* this is NMI context */ > + u64 now = ktime_get_mono_fast_ns(); > + s64 delta = now - *ts; > + > + *ts = now; > + > + /* FIXME msec per usec, reverse logic? */ > + if (delta < 64 * NSEC_PER_MSEC) > + mdelay(56); > +} I'd suggest making the absolute delay sysctl tunable, because 'wait 56 msecs' is very magic, and do we know it 100% that 56 msecs is what is needed everywhere? Plus I'd also suggest exposing an 'NMI rowhammer delay count' in /proc/interrupts, to make it easier to debug this. (Perhaps only show the line if the count is nonzero.) Finally, could we please also add a sysctl and Kconfig that allows this feature to be turned on/off, with the default bootup value determined by the Kconfig value (i.e. by the distribution)? Similar to CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE. Thanks, Ingo