linux-kernel.vger.kernel.org archive mirror
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: "Singh, Balbir" <sblbir@amazon.com>
Cc: "tglx@linutronix.de" <tglx@linutronix.de>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"tony.luck@intel.com" <tony.luck@intel.com>,
	"keescook@chromium.org" <keescook@chromium.org>,
	"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
	"x86@kernel.org" <x86@kernel.org>,
	"dave.hansen@intel.com" <dave.hansen@intel.com>
Subject: Re: [PATCH 0/3] arch/x86: Optionally flush L1D on context switch
Date: Thu, 2 Apr 2020 15:47:49 -0500
Message-ID: <20200402204749.33ulub5jx66dktxg@treble>
In-Reply-To: <31c9720eff18ce167378e9a0017dcd73e0552164.camel@amazon.com>

On Thu, Apr 02, 2020 at 08:35:46PM +0000, Singh, Balbir wrote:
> On Thu, 2020-04-02 at 15:13 -0500, Josh Poimboeuf wrote:
> > On Thu, Apr 02, 2020 at 05:23:58PM +1100, Balbir Singh wrote:
> > > Provide a mechanism to flush the L1D cache on context switch.  The goal
> > > is to allow tasks that are paranoid due to the recent snoop assisted data
> > > sampling vulnerabilities, to flush their L1D on being switched out.
> > 
> > Hi Balbir,
> > 
> > Just curious, is it really vulnerabilities, plural?  I thought there was
> > only one: CVE-2020-0550 (Snoop-assisted L1 Data Sampling).
> > 
> > (There was a similar one without the "snoop": L1D Eviction Sampling, but
> > it's supposed to get fixed in microcode).
> > 
> 
> Hi, Josh
> 
> Yes, that CVE is the motivation; the mitigation for CVE-2020-0550 does suggest
> flushing the cache on context switch. But in general, as we begin to find more
> ways of evicting data or snooping data, a generic mechanism is more useful and
> that is why I am making it an opt-in.

Ok.  I think it would be a good idea to expand on that justification
more precisely in the commit message.  That would help both reviewers of
the code and users of the new option understand what level of paranoia
they're opting in to :-)

-- 
Josh


Thread overview: 11+ messages
2020-04-02  6:23 [PATCH 0/3] arch/x86: Optionally flush L1D on context switch Balbir Singh
2020-04-02  6:23 ` [PATCH 1/3] arch/x86/kvm: Refactor l1d flush lifecycle management Balbir Singh
2020-04-02  6:24 ` [PATCH 2/3] arch/x86: Refactor tlbflush and l1d flush Balbir Singh
2020-04-02  6:24 ` [PATCH 3/3] arch/x86: Optionally flush L1D on context switch Balbir Singh
2020-04-02 22:11   ` Borislav Petkov
2020-04-02 22:18     ` Singh, Balbir
2020-04-02 20:13 ` [PATCH 0/3] " Josh Poimboeuf
2020-04-02 20:35   ` Singh, Balbir
2020-04-02 20:47     ` Josh Poimboeuf [this message]
2020-04-02 21:45       ` Thomas Gleixner
2020-04-02 22:23         ` Singh, Balbir
