From: Davidlohr Bueso <dave@stgolabs.net>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Mark Rutland <mark.rutland@arm.com>,
Dave Jiang <dave.jiang@intel.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev,
bwidawsk@kernel.org, ira.weiny@intel.com,
vishal.l.verma@intel.com, alison.schofield@intel.com,
a.manzanares@samsung.com, linux-arch@vger.kernel.org,
Arnd Bergmann <arnd@arndb.de>,
linux-arm-kernel@lists.infradead.org, bp@alien8.de,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arch/cacheflush: Introduce flush_all_caches()
Date: Tue, 16 Aug 2022 09:53:01 -0700 [thread overview]
Message-ID: <20220816165301.4m4w6zsse62z4hxz@offworld> (raw)
In-Reply-To: <62fbcae511ec1_dfbc129453@dwillia2-xfh.jf.intel.com.notmuch>
On Tue, 16 Aug 2022, Dan Williams wrote:
>Peter Zijlstra wrote:
>> On Mon, Aug 15, 2022 at 09:07:06AM -0700, Davidlohr Bueso wrote:
>> > diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h
>> > index b192d917a6d0..ce2ec9556093 100644
>> > --- a/arch/x86/include/asm/cacheflush.h
>> > +++ b/arch/x86/include/asm/cacheflush.h
>> > @@ -10,4 +10,7 @@
>> >
>> > void clflush_cache_range(void *addr, unsigned int size);
>> >
>> > +#define flush_all_caches() \
>> > + do { wbinvd_on_all_cpus(); } while(0)
>> > +
>>
>> This is horrific... we've done our utmost best to remove all WBINVD
>> usage and here you're adding it back in the most horrible form possible
>> ?!?
>>
>> Please don't do this, do *NOT* use WBINVD.
>
>Unfortunately there are a few good options here, and the changelog did
>not make clear that this is continuing legacy [1], not adding new wbinvd
>usage.
While I was hoping that it was obvious from the intel.c changes that this
was not a new wbinvd, I can certainly improve the changelog with the below.
Thanks,
Davidlohr
>
>The functionality this is enabling is to be able to instantaneously
>secure erase potentially terabytes of memory at once and the kernel
>needs to be sure that none of the data from before the secure is still
>present in the cache. It is also used when unlocking a memory device
>where speculative reads and firmware accesses could have cached poison
>from before the device was unlocked.
>
>This capability is typically only used once per-boot (for unlock), or
>once per bare metal provisioning event (secure erase), like when handing
>off the system to another tenant. That small scope plus the fact that
>none of this is available to a VM limits the potential damage. So,
>similar to the mitigation we did in [2] that did not kill off wbinvd
>completely, this is limited to specific scenarios and should be disabled
>in any scenario where wbinvd is painful / forbidden.
>
>[1]: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
>[2]: e2efb6359e62 ("ACPICA: Avoid cache flush inside virtual machines")
WARNING: multiple messages have this Message-ID (diff)
From: Davidlohr Bueso <dave@stgolabs.net>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Mark Rutland <mark.rutland@arm.com>,
Dave Jiang <dave.jiang@intel.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev,
bwidawsk@kernel.org, ira.weiny@intel.com,
vishal.l.verma@intel.com, alison.schofield@intel.com,
a.manzanares@samsung.com, linux-arch@vger.kernel.org,
Arnd Bergmann <arnd@arndb.de>,
linux-arm-kernel@lists.infradead.org, bp@alien8.de,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arch/cacheflush: Introduce flush_all_caches()
Date: Tue, 16 Aug 2022 09:53:01 -0700 [thread overview]
Message-ID: <20220816165301.4m4w6zsse62z4hxz@offworld> (raw)
In-Reply-To: <62fbcae511ec1_dfbc129453@dwillia2-xfh.jf.intel.com.notmuch>
On Tue, 16 Aug 2022, Dan Williams wrote:
>Peter Zijlstra wrote:
>> On Mon, Aug 15, 2022 at 09:07:06AM -0700, Davidlohr Bueso wrote:
>> > diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h
>> > index b192d917a6d0..ce2ec9556093 100644
>> > --- a/arch/x86/include/asm/cacheflush.h
>> > +++ b/arch/x86/include/asm/cacheflush.h
>> > @@ -10,4 +10,7 @@
>> >
>> > void clflush_cache_range(void *addr, unsigned int size);
>> >
>> > +#define flush_all_caches() \
>> > + do { wbinvd_on_all_cpus(); } while(0)
>> > +
>>
>> This is horrific... we've done our utmost best to remove all WBINVD
>> usage and here you're adding it back in the most horrible form possible
>> ?!?
>>
>> Please don't do this, do *NOT* use WBINVD.
>
>Unfortunately there are a few good options here, and the changelog did
>not make clear that this is continuing legacy [1], not adding new wbinvd
>usage.
While I was hoping that it was obvious from the intel.c changes that this
was not a new wbinvd, I can certainly improve the changelog with the below.
Thanks,
Davidlohr
>
>The functionality this is enabling is to be able to instantaneously
>secure erase potentially terabytes of memory at once and the kernel
>needs to be sure that none of the data from before the secure is still
>present in the cache. It is also used when unlocking a memory device
>where speculative reads and firmware accesses could have cached poison
>from before the device was unlocked.
>
>This capability is typically only used once per-boot (for unlock), or
>once per bare metal provisioning event (secure erase), like when handing
>off the system to another tenant. That small scope plus the fact that
>none of this is available to a VM limits the potential damage. So,
>similar to the mitigation we did in [2] that did not kill off wbinvd
>completely, this is limited to specific scenarios and should be disabled
>in any scenario where wbinvd is painful / forbidden.
>
>[1]: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
>[2]: e2efb6359e62 ("ACPICA: Avoid cache flush inside virtual machines")
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-08-16 17:29 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-07-15 21:09 ` Davidlohr Bueso
2022-08-03 16:29 ` Jonathan Cameron
2022-07-18 5:34 ` [PATCH RFC 1/15] " Davidlohr Bueso
2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang
2022-07-18 6:29 ` [PATCH RFC 2/15] " Davidlohr Bueso
2022-08-03 16:36 ` [PATCH RFC 02/15] " Jonathan Cameron
2022-08-09 20:30 ` Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-08-03 16:51 ` Jonathan Cameron
2022-07-15 21:08 ` [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang
2022-07-18 6:36 ` [PATCH RFC 4/15] " Davidlohr Bueso
2022-07-19 18:55 ` Dave Jiang
2022-08-03 17:01 ` [PATCH RFC 04/15] " Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-08-03 17:15 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-08-03 17:21 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang
2022-07-18 5:30 ` Davidlohr Bueso
2022-07-19 19:07 ` Dave Jiang
2022-08-03 17:37 ` Jonathan Cameron
2022-08-03 17:37 ` Jonathan Cameron
2022-08-09 21:47 ` Dave Jiang
2022-08-09 21:47 ` Dave Jiang
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:31 ` Eliot Moss
2022-08-10 14:31 ` Eliot Moss
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:11 ` Eliot Moss
2022-08-10 18:11 ` Eliot Moss
2022-08-10 20:06 ` Dan Williams
2022-08-10 20:06 ` Dan Williams
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-15 16:07 ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso
2022-08-15 16:07 ` Davidlohr Bueso
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:53 ` Davidlohr Bueso [this message]
2022-08-16 16:53 ` Davidlohr Bueso
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 18:49 ` Dan Williams
2022-08-16 18:49 ` Dan Williams
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-08-04 13:19 ` Jonathan Cameron
2022-08-09 22:31 ` Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-07-20 6:17 ` Davidlohr Bueso
2022-07-20 17:38 ` Dave Jiang
2022-07-20 18:02 ` Davidlohr Bueso
2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso
2022-07-19 18:53 ` Dave Jiang
2022-08-03 17:03 ` Jonathan Cameron
2022-08-08 22:18 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220816165301.4m4w6zsse62z4hxz@offworld \
--to=dave@stgolabs.net \
--cc=Jonathan.Cameron@huawei.com \
--cc=a.manzanares@samsung.com \
--cc=alison.schofield@intel.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bwidawsk@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=ira.weiny@intel.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=nvdimm@lists.linux.dev \
--cc=peterz@infradead.org \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.