Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp121982imm; Thu, 11 Oct 2018 16:44:22 -0700 (PDT) X-Google-Smtp-Source: ACcGV60+3zwdK718jg0plIINmV57epf7+u0QvUF+405P0LNChqkLO61uyKLXEove0Yp7lpoTniXO X-Received: by 2002:a17:902:4a0c:: with SMTP id w12-v6mr3416619pld.289.1539301461932; Thu, 11 Oct 2018 16:44:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539301461; cv=none; d=google.com; s=arc-20160816; b=os30JLuHB7Ums5dtyYW9a5IRSw/JrllDmqI62tedZNKcZkdhfjMZ0ismxLKnIhRsbu RBK0PG3/Du2NMZLQPcvF+fAhnmEPMgB8y7AhPCWof9j3qiqIAC0k7qJZ2Rzebcv7SRJD n9SYysiqXDPCq/kwDicGjvKanx6rtlzp4Ll12yo7PItpxwgBOcva3ZX6vIikt/W5D/ly zHwwUVlPPRcSPR1odDC6ZMzvS0igBKcSMCEDi+EBf9wWQUY1cJcIu7ILQUdfe9obOjDe xiZiNH/CkNaZzRCZwUb2EEDDXX6TcLKU7ZI/GBj/wTwQ64s9f7Tv96g4i/kZjGqm/kaT Ugzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=+80hHH/twbBzaE1ZYMsglnpaFVu/C5Hamb0hodR+oDY=; b=JvW2Tb+vaHjVV4LoskCuSRfO2pI/u1FACfluCs7txlBlXPliUTudzLRuHLCMvkwHWG BMJNNMuzNTd7Qk9dROsWrWj0smlarNL4M+C67TA3AZdtYf7xPhmWL05YaJwbKWgAT05D INXAdeiWHaAJbv2ZaqhDdINObZqqEdfhB4BTlBJdPv9bgl23FqK2orjLUNmoXqgJwkI6 ASvPOGoMohfmy2q9GxDnGvEpFRs3rkEV0nNhzkMwthQOOPVUob+MiVAKvSMDyBr8WUnB 1pltxeR3bQUZT0vYyToIA75JpOBz8utrmW9s/JS9yK4OkCUm2/heb0i4wZlXE7lM7pdE nCQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g11-v6si25720493pgs.179.2018.10.11.16.44.06; Thu, 11 Oct 2018 16:44:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726907AbeJLHNN (ORCPT + 99 others); Fri, 12 Oct 2018 03:13:13 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:48858 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725825AbeJLHNN (ORCPT ); Fri, 12 Oct 2018 03:13:13 -0400 Received: from p5492fe24.dip0.t-ipconnect.de ([84.146.254.36] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gAkbx-0004Iz-Nr; Fri, 12 Oct 2018 01:43:21 +0200 Date: Fri, 12 Oct 2018 01:43:21 +0200 (CEST) From: Thomas Gleixner To: Kristen C Accardi cc: Kees Cook , Andy Lutomirski , Kernel Hardening , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , X86 ML , LKML Subject: Re: [PATCH] x86: entry: flush the cache if syscall error In-Reply-To: <1539293003.3566.15.camel@linux.intel.com> Message-ID: References: <20181011185458.10186-1-kristen@linux.intel.com> <1539293003.3566.15.camel@linux.intel.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 11 Oct 2018, Kristen C Accardi wrote: > On Thu, 2018-10-11 at 13:55 -0700, Kees Cook wrote: > > I think this looks like a good idea. It might be worth adding a > > comment about the checks to explain why those errors are whitelisted. > > It's a cheap and effective mitigation for "unknown future problems" > > that doesn't degrade normal workloads. > > > > > > + return; > > > > + > > > > + wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH); > > > > What about CPUs without FLUSH_L1D? Could it be done manually with a > > memcpy or something? > > It could - my original implementation (pre l1d_flush msr) did, but it > did come with some additional cost in that I allocated per-cpu memory > to keep a 32K buffer around that I could memcpy. It also sacrificed > completeness for simplicity by not taking into account cases where L1 > was not 32K. As far as I know this msr is pretty widely deployed, even > on older hardware. You don't need that per cpu thing, really. We have both the MSR flush and the software fallback in KVM vmx_l1d_flush(). The performance impact is pretty much the same between the MSR flush and the software fallback. Vs. deployment of the MSR. I'm not sure how wide this is supported on older CPUs as there have been limitations on microcode patch space, but I can't find the support matrix right now. Thanks Intel for reshuffling the webpage every other week! Thanks, tglx