From: Dave Hansen <dave.hansen@intel.com>
To: Jann Horn <jannh@google.com>
Cc: Eric Biggers <ebiggers@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H . Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
	Peter Zijlstra <peterz@infradead.org>,
	Roxana Bradescu <roxabee@chromium.org>,
	Adam Langley <agl@google.com>, Ard Biesheuvel <ardb@kernel.org>,
	"Jason A . Donenfeld" <Jason@zx2c4.com>
Subject: Re: [PATCH] x86: enable Data Operand Independent Timing Mode
Date: Thu, 26 Jan 2023 08:40:29 -0800
Message-ID: <394c92e2-a9aa-37e1-7a34-d7569ac844fd@intel.com>
In-Reply-To: <CAG48ez1NaWarARJj5SBdKKTYFO2MbX7xO75Rk0Q2iK8LX4BwFA@mail.gmail.com>

On 1/26/23 05:52, Jann Horn wrote:
> On Wed, Jan 25, 2023 at 4:30 PM Dave Hansen <dave.hansen@intel.com> wrote:
>> Translating from Intel-speak: Intel thinks that DOITM is purely a way to
>> make the CPU run slower if you haven't already written code specifically
>> to mitigate timing side channels.  All pain, no gain.
>>
>> The kernel as a whole is not written that way.
> 
> The kernel as a whole also doesn't really use the FPU registers for
> anything other than checksumming and cryptography and stuff like that
> (it's disabled in the compiler flags because the FPU registers
> normally contain userspace state that must not be clobbered). The
> instructions listed on that Intel help page are all weird PM* and VP*
> arithmetic instructions that can't be generated from C code in the
> kernel (except for weird subsystems in which every function is only
> callable in kernel-FPU-enabled mode and the compiler is set to enable
> FPU instruction generation, by which I mean amdgpu).

Maybe I'm totally missing something, but I thought the scope here was
the "non-data operand independent timing behavior for the listed
instructions" referenced here:

> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html

where the "listed instructions" is this list:

> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/data-operand-independent-timing-instructions.html

For example, that includes XOR with the 0x31 and 0x81 opcodes which
there are plenty of in the kernel.

That's a bit wider scope than the crazy instructions like VPLZCNTD.  The
crazy instructions list that I _think_ you were grepping for is the
"Instructions That May Exhibit MCDT Behavior".  That's also a fun one,
but it is more narrow than the DOITM list.
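
Added illustration, not part of the message above or of the kernel sources: a minimal C classifier for the two XOR encodings the message names. It shows that 0x31 is XOR on its own, while 0x81 is a group opcode that is XOR only when the ModRM reg field is 6. The function and type names and the sample byte strings are constructed for this example; it assumes 64-bit mode and that each buffer starts at an instruction boundary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum xor_form { NOT_XOR_31_81 = 0, XOR_RM_R_31 = 1, XOR_RM_IMM_81 = 2 };

/* Classify one instruction that starts at an instruction boundary. */
enum xor_form classify_xor(const uint8_t *insn, size_t len)
{
    size_t i = 0;

    if (i < len && insn[i] == 0x66)            /* operand-size prefix */
        i++;
    if (i < len && (insn[i] & 0xF0) == 0x40)   /* REX prefix (64-bit mode) */
        i++;
    if (i + 1 >= len)                          /* need opcode + ModRM */
        return NOT_XOR_31_81;

    if (insn[i] == 0x31)                       /* XOR r/m, r */
        return XOR_RM_R_31;
    /* 0x81 is group 1: ModRM.reg picks ADD,OR,ADC,SBB,AND,SUB,XOR,CMP */
    if (insn[i] == 0x81 && ((insn[i + 1] >> 3) & 7) == 6)
        return XOR_RM_IMM_81;
    return NOT_XOR_31_81;
}

/* Constructed sample encodings (AT&T syntax in the text column). */
struct sample { const char *text; uint8_t bytes[8]; size_t len; };
static const struct sample samples[] = {
    { "xor %eax,%eax",        { 0x31, 0xC0 }, 2 },
    { "xor %rdx,%rcx",        { 0x48, 0x31, 0xD1 }, 3 },
    { "xor $0x12345678,%ecx", { 0x81, 0xF1, 0x78, 0x56, 0x34, 0x12 }, 6 },
    { "add $0x12345678,%ecx", { 0x81, 0xC1, 0x78, 0x56, 0x34, 0x12 }, 6 },
    { "mov %eax,%ebx",        { 0x89, 0xC3 }, 2 },
};

/* Count how many of the samples are XOR via opcode 0x31 or 0x81 /6. */
int count_xor_samples(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        n += classify_xor(samples[i].bytes, samples[i].len) != NOT_XOR_31_81;
    return n;
}

int main(void)
{
    printf("%d of 5 samples are XOR (0x31 or 0x81 /6)\n", count_xor_samples());
    return 0;
}
```

Counting these forms in a real kernel image needs a proper disassembler, since the bytes 0x31 and 0x81 also occur inside immediates and displacements.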

