Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp820061pxf; Thu, 8 Apr 2021 13:24:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzX+YKe9QpgAHt4w/klLPsBTCVoSAwtY7FcrgiUOu6kw24R5qSVSTTLww+Y2VZ/YdCLl/TH X-Received: by 2002:a17:90b:d95:: with SMTP id bg21mr10474860pjb.159.1617913446805; Thu, 08 Apr 2021 13:24:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617913446; cv=none; d=google.com; s=arc-20160816; b=qXx8J1nwUnPHvX0CuNsvypVauOqhvarzY/jLvwWNXB8R6j9I05hP8gh1+OeQq+AzLN mVi3RnE0f2cXKcUreLUxq0XtDJTRgs02Xm+7mkQcEIWBaif7JQWdk4iuSo1aYhHo37Pr +jR4tfgL1dNxZhqSz0gaaDmX0sKMM+ZIbCdEjcDnm7Jt3uC6V1JFKZEsMaCg5cGQFWIm 48kcsVJ1Y+u38Q1FD+Jkq5TzwH43VleDFZ3fLI4YbecHlRt9sxLfOOG8k3Rxg1eNv7V+ 1jrMo0BHzvZGpUg/a7EP+kFgg4bVS9g4QQtW2sdoiMF72juG0L5RU0OZdmoZPQ5OTL8Q LCnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Z3faoKTmut0b+H791nuk4RfV65azdQNFfXkzkcIwqc0=; b=L2blOPc1/eg6zSJkQJV/bwGUEH3oHeCcZU6I2SoNJCe/3uyqLMuIqII0FQ5kiaywCL eEuctZNMwLAYJQ8S3ow4+cvBwRjxyhMMKdUT2CYyYOmDyCIfgWNyned4YCaYtWnfkrrz 2MxviD+c2y4nMWTWm9o8tGvx9Q/PfFEgcqiwW80daPdYKrX+FpSQEl0sLAXHUds778MR 7pegUI9LPuyq0/i8dsV/hor4lha8h3VMa5TMApp2En5GjjpudMrAIvj9bP8ggfqwD4up PCPMZcLLKNU+lnkgiTSjtTrrDvV9sCLz85kL2/p3wC9vtQoNCLXs9VRca2qJ4mv/i7x6 e+bg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WRM0NK6a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a3si334722plm.258.2021.04.08.13.23.52; Thu, 08 Apr 2021 13:24:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WRM0NK6a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231897AbhDHUXU (ORCPT + 99 others); Thu, 8 Apr 2021 16:23:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231451AbhDHUXU (ORCPT ); Thu, 8 Apr 2021 16:23:20 -0400 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1031C061760 for ; Thu, 8 Apr 2021 13:23:08 -0700 (PDT) Received: by mail-pf1-x42f.google.com with SMTP id i190so2669098pfc.12 for ; Thu, 08 Apr 2021 13:23:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Z3faoKTmut0b+H791nuk4RfV65azdQNFfXkzkcIwqc0=; b=WRM0NK6ahXYlnABx14y7wNAK3ARCzvs0N/LziWW63jFcLOiDNLmHoTPnoSvXx0213d pR3G6T0GwBHwUs6TmBDWUgy5YbuWK4Bs00EXAk4qPHrn5x+53iHoJebQDf/qydGaOuy4 r/2+W3hXp0YpWxEGMPVQb+PgZJIRZiSUSgZWw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Z3faoKTmut0b+H791nuk4RfV65azdQNFfXkzkcIwqc0=; b=C9Beg+uqMPsvhKVUgpghgLO2ideXELQ4oKLVpTd4Kjk/AdJW3F2re3+q44HbMtrSak +DSi307+BFAaPFaGvkwvUVcsaMGAzLy1SYJ3DU3OGkHqkkc3lFlkbcaDIKyJDykGq0nx fFYGn/eRr5svzU1s5muKQpFCawRQ6Jv0JrVzYY4C772kL3MaTLRBDQ7KJWoip6P5T9fo Qoes6CSyQI6aMgb5CdPNzLSpdNCiYYgeBbXnz6K5owW7wHMkyHydU7R4pGIGtb22vbpG WjV0LQwTWauB25KxF3Ke6ILy17NsSXKm8uryZ6PHRy96EVuCWr7y6PIF/Xh8vneQNCaz sjVA== X-Gm-Message-State: AOAM532BEKfH7Lhllqvs7CBYh57cSEYgh8tpMATcIU3Jhe/prZkul+m1 2cGmGceDTp48I9Zfqnc2Y3x89Q== X-Received: by 2002:a63:3244:: with SMTP id y65mr10002081pgy.197.1617913388148; Thu, 08 Apr 2021 13:23:08 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id h19sm283747pfc.172.2021.04.08.13.23.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Apr 2021 13:23:07 -0700 (PDT) Date: Thu, 8 Apr 2021 13:23:06 -0700 From: Kees Cook To: "Singh, Balbir" , tglx@linutronix.de Cc: "mingo@redhat.com" , "linux-kernel@vger.kernel.org" , "peterz@infradead.org" , "torvalds@linux-foundation.org" , "jpoimboe@redhat.com" , "x86@kernel.org" , "tony.luck@intel.com" , "dave.hansen@intel.com" , "thomas.lendacky@amd.com" , "benh@kernel.crashing.org" , linux-hardening@vger.kernel.org Subject: Re: [PATCH v4 0/5] Next revision of the L1D flush patches Message-ID: <202104081319.DAB1D817@keescook> References: <20210108121056.21940-1-sblbir@amazon.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org *thread necromancy* https://lore.kernel.org/lkml/20210108121056.21940-1-sblbir@amazon.com/ On Mon, Jan 25, 2021 at 09:27:38AM +0000, Singh, Balbir wrote: > On Fri, 2021-01-08 at 23:10 +1100, Balbir Singh wrote: > > Implement a mechanism that allows tasks to conditionally flush > > their L1D cache (mitigation mechanism suggested in [2]). The previous > > posts of these patches were sent for inclusion (see [3]) and were not > > included due to the concern for the need for additional checks, > > those checks were: > > > > 1. Implement this mechanism only for CPUs affected by the L1TF bug > > 2. Disable the software fallback > > 3. Provide an override to enable this mechanism > > 4. Be SMT aware in the implementation > > [...] > Ping on any review comments? Suggested refactoring? Hi! I'd still really like to see this -- it's a big hammer, but that's the point for cases where some new flaw appears and we can point to the toolbox and say "you can mitigate it with this while you wait for new kernel/CPU." Any further thoughts from x86 maintainers? This seems like it addressed all of tglx's review comments. -- Kees Cook