[MODERATED] Re: [PATCH 8/8] L1TFv8 6

[Michal Hocko <mhocko@suse.com>]

On Tue 26-06-18 14:57:50, speck for Michal Hocko wrote:
> On Tue 26-06-18 14:01:18, speck for Vlastimil Babka wrote:
> > On 06/25/2018 10:31 PM, speck for Andi Kleen wrote:
> [...]
> > >From 94b19f2277984594eda826a315cb49d6be5375b5 Mon Sep 17 00:00:00 2001
> > From: Vlastimil Babka <vbabka@suse.cz>
> > Date: Fri, 22 Jun 2018 17:39:33 +0200
> > Subject: [PATCH] x86/speculation/l1tf: protect PAE swap entries against L1TF
> > 
> > The PAE 3-level paging code currently doesn't mitigate L1TF by flipping the
> > offset bits, and uses the high PTE word, thus bits 32-36 for type, 37-63 for
> > offset. The lower word is zeroed, thus systems with less than 4GB memory are
> > safe. With 4GB to 128GB the swap type selects the memory locations vulnerable
> > to L1TF; with even more memory, also the swap offfset influences the address.
> > This might be a problem with 32bit PAE guests running on large 64bit hosts.
> > 
> > By continuing to keep the whole swap entry in either high or low 32bit word of
> > PTE we would limit the swap size too much. Thus this patch uses the whole PAE
> > PTE with the same layout as the 64bit version does. The macros just become a
> > bit tricky since they assume the arch-dependent swp_entry_t to be 32bit.
> 
> I have expected this to be even ugglier but it seems quite sane in the
> end.

And just for the record. I was worried that the 64b swap entry would
lead to RMW issues because we are not doing the single write to u64 on
32b but all swap entries constructors I can see are local and only made
visible later. Regular ptes handle that already but I was worried that
having swap entries special could lead to some subtle issues but I
cannot see any in the code.
 
> > Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
> 
> Acked-by: Michal Hocko <mhocko@suse.com>
> 
> Thanks!
-- 
Michal Hocko
SUSE Labs