Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp1936843ybk; Mon, 11 May 2020 07:57:31 -0700 (PDT) X-Google-Smtp-Source: APiQypIWHtOwBJN8ku/sDwf4k/zZt56b06+7penSKSYchkhKPjxR3xzRNlYaS3xXa8BroL17WPBL X-Received: by 2002:a17:906:34c4:: with SMTP id h4mr14017924ejb.167.1589209050717; Mon, 11 May 2020 07:57:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589209050; cv=none; d=google.com; s=arc-20160816; b=oMpu7BhVbtyw6Jo+OBsk84Z1ZepV/FnhoAFVvmTN2GbmVoIh06hvipX5c2I+J/Sh1m R1SNR/kaz+vihlYndG8gs5YLSq6Nnno2ZTQ0xSDmz7mtjst6ViBk9w1h4s/ZvQ4tdv7x kCICFX1X+COndeWUBLmjwmg2QMzETsGShWu+CQmR7CCCeCheX2DPujlCqO/bm5n58235 Ce2rf6gKthmZ7BEjoOTRVQuNaGSVvDrJmgv0qe2R9NBSToJaZ+ffU/zoUqWIfeJdJ9Wz ur1wNF0Nod8320Az9ugDiUwAQux2bx7u9wUgVXf8Ic9SGxX0+mun629kX9h+5BQEEBXb mb5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=j4cTbhBEuzkRPdUYgvhBb3SOKxTd9Blhp/EM3p/3NNE=; b=kGPRSS9xEj1vZfCn6OUk+qeipkAXPfPhqt8symT15Bpr4gCer+PS/ZpcoVYntlUSSM IwF7bi4VoUoNDIUppF87lUI/vvk5XX90V35ni7g7X5ryuKnrh0mdIVwZQivoJauR1cfs l6s62RukePIYOAfvIAjM63OB3FKRrWW8Hfs/IqXBq2HGzaSB3Mh+xgnUbWeXZJK4U/Fz z4hRKtRe/aUkJiavlHhHBcgCXmt1Q2K0zVy+P7+JJLoBVMxyUnVwMkHHaAIlrcmYzhoQ na+7AxRS6MmGEgXt9epYaIBcNKNJ2OPsgYDL4ZlcMw3vDVMoi8x49HpFk6sD60yRlc3F Xy8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=Qmt0davu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i29si2908807edj.93.2020.05.11.07.57.06; Mon, 11 May 2020 07:57:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=Qmt0davu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727994AbgEKOzI (ORCPT + 99 others); Mon, 11 May 2020 10:55:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43488 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726410AbgEKOzH (ORCPT ); Mon, 11 May 2020 10:55:07 -0400 Received: from mail-il1-x141.google.com (mail-il1-x141.google.com [IPv6:2607:f8b0:4864:20::141]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55209C061A0C for ; Mon, 11 May 2020 07:55:06 -0700 (PDT) Received: by mail-il1-x141.google.com with SMTP id b18so641054ilf.2 for ; Mon, 11 May 2020 07:55:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=j4cTbhBEuzkRPdUYgvhBb3SOKxTd9Blhp/EM3p/3NNE=; b=Qmt0davupjiYVu1SLiWVLBR6s9BkOUUSUU1ayEVcBxGlaHKqe1IuuQlwsuzy4pfFuq ++A89cYwrQ/2pnyDtD0k0BqyJVtnGB/2wt2gMmBOTNY2AvOUcStPtOYycJjIva9Fnq0i npqwYDfquFOENdPpKawKn8ZhSQ4udZKqLkQeM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=j4cTbhBEuzkRPdUYgvhBb3SOKxTd9Blhp/EM3p/3NNE=; b=j09w3ENmyoaPkrNvC8SJN7wdXrdI2C2GkyBRFuomVgbvMBN3q1n217aIxtF7zQGTwG bv2cp+yEkPNvzsb9AwGFr2dox0CTo7bRjH68X0bzgtGniTjxAa1mhpnjRD0Iu++127G/ +1V51uCKoNyfuTI1YpNqgzOxQoopQf/2N4PYXfM2FDNQy6vkktj5O7DwNVP5rBfyN32G clHB1P+uN0uLhANe0/l2tCQicydlP6EfgZltLfMeGVaN1OkV7sKhyu5NhKDblBTGuHMj tp5LLEV17NDIQf2ZqFHO0QlszwjjoO1L2Jj8wCfN7bNDIsc0787V4L1/c8/9+Nr3lXwj Lj4A== X-Gm-Message-State: AGi0PubTH5zI8d8OeSLJgaPdPIpIlNTPxa3g2oTd3J032jQ/3JmuNfhw BAKV0dO4TbNs4Dv07iNcfISOzUozw2IaGtYQCkEIzw== X-Received: by 2002:a05:6e02:80e:: with SMTP id u14mr17777271ilm.176.1589208905586; Mon, 11 May 2020 07:55:05 -0700 (PDT) MIME-Version: 1.0 References: <20200510234652.249917-1-joel@joelfernandes.org> <20200511134921.GC2940@hirez.programming.kicks-ass.net> In-Reply-To: <20200511134921.GC2940@hirez.programming.kicks-ass.net> From: Joel Fernandes Date: Mon, 11 May 2020 10:54:54 -0400 Message-ID: Subject: Re: [PATCH RFC] Add support for core-wide protection of IRQ and softirq To: Peter Zijlstra Cc: LKML , "Paul E . McKenney" , Vineeth Pillai , Allison Randal , Armijn Hemel , Ben Segall , Dietmar Eggemann , Ingo Molnar , Juri Lelli , Mel Gorman , Muchun Song , Steven Rostedt , Thomas Gleixner , Vincent Guittot Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 11, 2020 at 9:49 AM Peter Zijlstra wrote: > > On Sun, May 10, 2020 at 07:46:52PM -0400, Joel Fernandes (Google) wrote: > > With current core scheduling patchset, non-threaded IRQ and softirq > > victims can leak data from its hyperthread to a sibling hyperthread > > running an attacker. > > > > For MDS, it is possible for the IRQ and softirq handlers to leak data to > > either host or guest attackers. For L1TF, it is possible to leak to > > guest attackers. There is no possible mitigation involving flushing of > > buffers to avoid this since the execution of attacker and victims happen > > concurrently on 2 or more HTs. > > > > The solution in this patch is to monitor the outer-most core-wide > > irq_enter() and irq_exit() executed by any sibling. In between these > > two, we mark the core to be in a special core-wide IRQ state. > > Another possible option is force_irqthreads :-) That would cure it > nicely. Yes true, it was definitely my "plan B" at one point if this patch showed any regression. Lastly, people not doing force_irqthreads would still leave a hole open and it'd be nice to solve it by "default" than depending on user/sysadmin configuration (same argument against interrupt affinities, it is another knob for the sysadmin/designer to configure correctly, Another argument being not all interrupts can be threaded / affinitized). Thanks in advance for reviewing the patch, - Joel