Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp444125ima; Wed, 24 Oct 2018 04:02:30 -0700 (PDT) X-Google-Smtp-Source: AJdET5f3yzjVChj5bB2Fdr67SyZRJ1ZXgtE2SPmGFDclvKsLCWocPbRGwp20w13GtVnM+Ojh3FML X-Received: by 2002:a62:2ec3:: with SMTP id u186-v6mr1007104pfu.189.1540378950193; Wed, 24 Oct 2018 04:02:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540378950; cv=none; d=google.com; s=arc-20160816; b=gvE3TZEIi4a4XElja+pZKw1rcTHPLquRYSckKESL+SuQ/h0X0OPy558yAQ61/xY8CX pGpS5YJOEej2xrABebn7E3iO/9dthcM1ZZzJbKxZ5Ud37KfakGFjgyuQXf1HW1fhWohe 1AZrmbAcYUZZf4v+DkckWRwjrK61JA681b61rmVQHUs2OxtlS89liKeqGKD6+U+7LRUM X1kEX5mx2MZsj5moUK+gE/MpRaD10lmKSomGJ9mQZgSlLGHFImBUj6C62dW5x84GRVfG pOSbAXKWOlBQDkrGxbNm3Sxs4+/QUVZxYqlbpPN3sVB27NoGvq0ycD3l6LVV10cp/QQX TI3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:references:cc:to:from:subject :dkim-signature; bh=bX6RUfphyqHyZeURl0BA8FLGlS+eCWKi3wRWc0blAHc=; b=M8IDf/QJqbnO2fCJpf61+lpbxvrO3zWpdmuGZvkpGOg6Hutt9lS/uKMqriAjXeMs6c NnZJZKo9XAnXB85PhMRRd6TOmER5XRZXzRqOLk5EugkizRZQ6xBI7wNKFaj7Ect+pMwT HLpnlKwRXj5kR5RH1W18KJUuLjCaWCHOqSQwimW4jiu9cuCf50WwVjUfglyjIymySJcu v6fkCnIMQA+Feftj3AcaFgqjtwXP+6v+whbd3TbBiKjFdWfG0EJ3BKRi9tM3dbtx6Ndm 77+zlJyEHEsmwBxGOTrL9yZEI52sIKaziTusL/HqmWSA8Yx6N9n5KSfATw/6Vz4OfE8b kdbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=lW40+lCj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 32-v6si4512423pls.331.2018.10.24.04.02.14; Wed, 24 Oct 2018 04:02:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=lW40+lCj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727613AbeJXT2k (ORCPT + 99 others); Wed, 24 Oct 2018 15:28:40 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:53552 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727204AbeJXT2k (ORCPT ); Wed, 24 Oct 2018 15:28:40 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9OAxJfA180011; Wed, 24 Oct 2018 11:00:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : references : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=bX6RUfphyqHyZeURl0BA8FLGlS+eCWKi3wRWc0blAHc=; b=lW40+lCjvRV8Hnj+nmlkirIbCjelkz8hEpmzPkzs4KI8rOzlxgTZzfHBlC/nx/M+Bao8 0+g1whrfUQhco91143l8IV7yLhC5HuF5yqvmrPgi3jDq/fZRxGl3z0s2zozkxQ46twxW uNzQWbcEWyNdl6D8xN3e12VTO2NFUjthvy8kYkUoaNhUQ4bVtbZcpMqQPVooR1y2+rWI Ms6PRntW17yd+bnaFegSu1l5DOENS35RuGuyAtfJQMDx9VUqrWwzwwP8TyY4fEgSmdCA 9KbXdyui+yu1YrtdLkGAsGOG2Y9pooj6TUzgXD5lNju4FznE1/etwpGvPFVu9Q+xud5r TA== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2120.oracle.com with ESMTP id 2n7vaq2ssu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 24 Oct 2018 11:00:25 +0000 Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w9OB0Np5006816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 24 Oct 2018 11:00:24 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w9OB0GQ7016489; Wed, 24 Oct 2018 11:00:22 GMT Received: from [192.168.15.133] (/47.8.173.234) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 24 Oct 2018 04:00:16 -0700 Subject: Re: Redoing eXclusive Page Frame Ownership (XPFO) with isolated CPUs in mind (for KVM to isolate its guests per CPU) From: Khalid Aziz To: "Stecklina, Julian" Cc: "juerg.haefliger@hpe.com" , "deepa.srinivasan@oracle.com" , "jmattson@google.com" , "andrew.cooper3@citrix.com" , "Woodhouse, David" , "torvalds@linux-foundation.org" , "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , "boris.ostrovsky@oracle.com" , "pradeep.vincent@oracle.com" , "konrad.wilk@oracle.com" , "tglx@linutronix.de" , "kanth.ghatraju@oracle.com" , "joao.m.martins@oracle.com" , "liran.alon@oracle.com" , "ak@linux.intel.com" , "keescook@google.com" , "kernel-hardening@lists.openwall.com" , "chris.hyser@oracle.com" , "tyhicks@canonical.com" , "john.haxby@oracle.com" , "jcm@redhat.com" References: <5efc291c-b0ed-577e-02d1-285d080c293d@oracle.com> <7221975d-6b67-effa-2747-06c22c041e78@oracle.com> <1537800341.9745.20.camel@amazon.de> <063f5efc-afb2-471f-eb4b-79bf90db22dd@oracle.com> Organization: Oracle Corp Message-ID: <6cc985bb-6aed-4fb7-0ef2-43aad2717095@oracle.com> Date: Wed, 24 Oct 2018 16:30:42 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <063f5efc-afb2-471f-eb4b-79bf90db22dd@oracle.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9055 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=984 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810240099 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/15/2018 01:37 PM, Khalid Aziz wrote: > On 09/24/2018 08:45 AM, Stecklina, Julian wrote: >> I didn't test the version with TLB flushes, because it's clear that the >> overhead is so bad that no one wants to use this. > > I don't think we can ignore the vulnerability caused by not flushing > stale TLB entries. On a mostly idle system, TLB entries hang around long > enough to make it fairly easy to exploit this. I was able to use the > additional test in lkdtm module added by this patch series to > successfully read pages unmapped from physmap by just waiting for system > to become idle. A rogue program can simply monitor system load and mount > its attack using ret2dir exploit when system is mostly idle. This brings > us back to the prohibitive cost of TLB flushes. If we are unmapping a > page from physmap every time the page is allocated to userspace, we are > forced to incur the cost of TLB flushes in some way. Work Tycho was > doing to implement Dave's suggestion can help here. Once Tycho has > something working, I can measure overhead on my test machine. Tycho, I > can help with your implementation if you need. I looked at Tycho's last patch with batch update from . I ported it on top of Julian's patches and got it working well enough to gather performance numbers. Here is what I see for system times on a machine with dual Xeon E5-2630 and 256GB of memory when running "make -j30 all" on 4.18.6 kernel (percentages are relative to base 4.19-rc8 kernel without xpfo): Base 4.19-rc8 913.84s 4.19-rc8 + xpfo, no TLB flush 1027.985s (+12.5%) 4.19-rc8 + batch update, no TLB flush 970.39s (+6.2%) 4.19-rc8 + xpfo, TLB flush 8458.449s (+825.6%) 4.19-rc8 + batch update, TLB flush 4665.659s (+410.6%) Batch update is significant improvement but we are starting so far behind baseline, it is still a huge slow down. -- Khalid