From: Davidlohr Bueso <dave@stgolabs.net> To: Dan Williams <dan.j.williams@intel.com> Cc: Peter Zijlstra <peterz@infradead.org>, Mark Rutland <mark.rutland@arm.com>, Dave Jiang <dave.jiang@intel.com>, Jonathan Cameron <Jonathan.Cameron@huawei.com>, linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev, bwidawsk@kernel.org, ira.weiny@intel.com, vishal.l.verma@intel.com, alison.schofield@intel.com, a.manzanares@samsung.com, linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, linux-arm-kernel@lists.infradead.org, bp@alien8.de, x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] arch/cacheflush: Introduce flush_all_caches() Date: Tue, 16 Aug 2022 09:53:01 -0700 [thread overview] Message-ID: <20220816165301.4m4w6zsse62z4hxz@offworld> (raw) In-Reply-To: <62fbcae511ec1_dfbc129453@dwillia2-xfh.jf.intel.com.notmuch> On Tue, 16 Aug 2022, Dan Williams wrote: >Peter Zijlstra wrote: >> On Mon, Aug 15, 2022 at 09:07:06AM -0700, Davidlohr Bueso wrote: >> > diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h >> > index b192d917a6d0..ce2ec9556093 100644 >> > --- a/arch/x86/include/asm/cacheflush.h >> > +++ b/arch/x86/include/asm/cacheflush.h >> > @@ -10,4 +10,7 @@ >> > >> > void clflush_cache_range(void *addr, unsigned int size); >> > >> > +#define flush_all_caches() \ >> > + do { wbinvd_on_all_cpus(); } while(0) >> > + >> >> This is horrific... we've done our utmost best to remove all WBINVD >> usage and here you're adding it back in the most horrible form possible >> ?!? >> >> Please don't do this, do *NOT* use WBINVD. > >Unfortunately there are a few good options here, and the changelog did >not make clear that this is continuing legacy [1], not adding new wbinvd >usage. While I was hoping that it was obvious from the intel.c changes that this was not a new wbinvd, I can certainly improve the changelog with the below. Thanks, Davidlohr > >The functionality this is enabling is to be able to instantaneously >secure erase potentially terabytes of memory at once and the kernel >needs to be sure that none of the data from before the secure is still >present in the cache. It is also used when unlocking a memory device >where speculative reads and firmware accesses could have cached poison >from before the device was unlocked. > >This capability is typically only used once per-boot (for unlock), or >once per bare metal provisioning event (secure erase), like when handing >off the system to another tenant. That small scope plus the fact that >none of this is available to a VM limits the potential damage. So, >similar to the mitigation we did in [2] that did not kill off wbinvd >completely, this is limited to specific scenarios and should be disabled >in any scenario where wbinvd is painful / forbidden. > >[1]: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs") >[2]: e2efb6359e62 ("ACPICA: Avoid cache flush inside virtual machines")
WARNING: multiple messages have this Message-ID (diff)
From: Davidlohr Bueso <dave@stgolabs.net> To: Dan Williams <dan.j.williams@intel.com> Cc: Peter Zijlstra <peterz@infradead.org>, Mark Rutland <mark.rutland@arm.com>, Dave Jiang <dave.jiang@intel.com>, Jonathan Cameron <Jonathan.Cameron@huawei.com>, linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev, bwidawsk@kernel.org, ira.weiny@intel.com, vishal.l.verma@intel.com, alison.schofield@intel.com, a.manzanares@samsung.com, linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, linux-arm-kernel@lists.infradead.org, bp@alien8.de, x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] arch/cacheflush: Introduce flush_all_caches() Date: Tue, 16 Aug 2022 09:53:01 -0700 [thread overview] Message-ID: <20220816165301.4m4w6zsse62z4hxz@offworld> (raw) In-Reply-To: <62fbcae511ec1_dfbc129453@dwillia2-xfh.jf.intel.com.notmuch> On Tue, 16 Aug 2022, Dan Williams wrote: >Peter Zijlstra wrote: >> On Mon, Aug 15, 2022 at 09:07:06AM -0700, Davidlohr Bueso wrote: >> > diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h >> > index b192d917a6d0..ce2ec9556093 100644 >> > --- a/arch/x86/include/asm/cacheflush.h >> > +++ b/arch/x86/include/asm/cacheflush.h >> > @@ -10,4 +10,7 @@ >> > >> > void clflush_cache_range(void *addr, unsigned int size); >> > >> > +#define flush_all_caches() \ >> > + do { wbinvd_on_all_cpus(); } while(0) >> > + >> >> This is horrific... we've done our utmost best to remove all WBINVD >> usage and here you're adding it back in the most horrible form possible >> ?!? >> >> Please don't do this, do *NOT* use WBINVD. > >Unfortunately there are a few good options here, and the changelog did >not make clear that this is continuing legacy [1], not adding new wbinvd >usage. While I was hoping that it was obvious from the intel.c changes that this was not a new wbinvd, I can certainly improve the changelog with the below. Thanks, Davidlohr > >The functionality this is enabling is to be able to instantaneously >secure erase potentially terabytes of memory at once and the kernel >needs to be sure that none of the data from before the secure is still >present in the cache. It is also used when unlocking a memory device >where speculative reads and firmware accesses could have cached poison >from before the device was unlocked. > >This capability is typically only used once per-boot (for unlock), or >once per bare metal provisioning event (secure erase), like when handing >off the system to another tenant. That small scope plus the fact that >none of this is available to a VM limits the potential damage. So, >similar to the mitigation we did in [2] that did not kill off wbinvd >completely, this is limited to specific scenarios and should be disabled >in any scenario where wbinvd is painful / forbidden. > >[1]: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs") >[2]: e2efb6359e62 ("ACPICA: Avoid cache flush inside virtual machines") _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-08-16 17:29 UTC|newest] Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang 2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang 2022-07-15 21:09 ` Davidlohr Bueso 2022-08-03 16:29 ` Jonathan Cameron 2022-07-18 5:34 ` [PATCH RFC 1/15] " Davidlohr Bueso 2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang 2022-07-18 6:29 ` [PATCH RFC 2/15] " Davidlohr Bueso 2022-08-03 16:36 ` [PATCH RFC 02/15] " Jonathan Cameron 2022-08-09 20:30 ` Dave Jiang 2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang 2022-08-03 16:51 ` Jonathan Cameron 2022-07-15 21:08 ` [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang 2022-07-18 6:36 ` [PATCH RFC 4/15] " Davidlohr Bueso 2022-07-19 18:55 ` Dave Jiang 2022-08-03 17:01 ` [PATCH RFC 04/15] " Jonathan Cameron 2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang 2022-08-03 17:15 ` Jonathan Cameron 2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang 2022-08-03 17:21 ` Jonathan Cameron 2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang 2022-08-03 17:23 ` Jonathan Cameron 2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang 2022-08-03 17:23 ` Jonathan Cameron 2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang 2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang 2022-07-18 5:30 ` Davidlohr Bueso 2022-07-19 19:07 ` Dave Jiang 2022-08-03 17:37 ` Jonathan Cameron 2022-08-03 17:37 ` Jonathan Cameron 2022-08-09 21:47 ` Dave Jiang 2022-08-09 21:47 ` Dave Jiang 2022-08-10 14:15 ` Mark Rutland 2022-08-10 14:15 ` Mark Rutland 2022-08-10 14:31 ` Eliot Moss 2022-08-10 14:31 ` Eliot Moss 2022-08-10 18:09 ` Mark Rutland 2022-08-10 18:09 ` Mark Rutland 2022-08-10 18:11 ` Eliot Moss 2022-08-10 18:11 ` Eliot Moss 2022-08-10 20:06 ` Dan Williams 2022-08-10 20:06 ` Dan Williams 2022-08-10 21:13 ` Davidlohr Bueso 2022-08-10 21:13 ` Davidlohr Bueso 2022-08-10 21:30 ` Dan Williams 2022-08-10 21:30 ` Dan Williams 2022-08-10 21:31 ` Davidlohr Bueso 2022-08-10 21:31 ` Davidlohr Bueso 2022-08-15 16:07 ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso 2022-08-15 16:07 ` Davidlohr Bueso 2022-08-16 9:01 ` Peter Zijlstra 2022-08-16 9:01 ` Peter Zijlstra 2022-08-16 16:50 ` Dan Williams 2022-08-16 16:50 ` Dan Williams 2022-08-16 16:53 ` Davidlohr Bueso [this message] 2022-08-16 16:53 ` Davidlohr Bueso 2022-08-16 17:42 ` Dan Williams 2022-08-16 17:42 ` Dan Williams 2022-08-16 17:52 ` Davidlohr Bueso 2022-08-16 17:52 ` Davidlohr Bueso 2022-08-16 18:49 ` Dan Williams 2022-08-16 18:49 ` Dan Williams 2022-08-17 7:53 ` Peter Zijlstra 2022-08-17 7:53 ` Peter Zijlstra 2022-08-17 7:49 ` Peter Zijlstra 2022-08-17 7:49 ` Peter Zijlstra 2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang 2022-08-04 13:19 ` Jonathan Cameron 2022-08-09 22:31 ` Dave Jiang 2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang 2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang 2022-07-20 6:17 ` Davidlohr Bueso 2022-07-20 17:38 ` Dave Jiang 2022-07-20 18:02 ` Davidlohr Bueso 2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang 2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang 2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso 2022-07-19 18:53 ` Dave Jiang 2022-08-03 17:03 ` Jonathan Cameron 2022-08-08 22:18 ` Dave Jiang
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220816165301.4m4w6zsse62z4hxz@offworld \ --to=dave@stgolabs.net \ --cc=Jonathan.Cameron@huawei.com \ --cc=a.manzanares@samsung.com \ --cc=alison.schofield@intel.com \ --cc=arnd@arndb.de \ --cc=bp@alien8.de \ --cc=bwidawsk@kernel.org \ --cc=dan.j.williams@intel.com \ --cc=dave.jiang@intel.com \ --cc=ira.weiny@intel.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-cxl@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mark.rutland@arm.com \ --cc=nvdimm@lists.linux.dev \ --cc=peterz@infradead.org \ --cc=vishal.l.verma@intel.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.