From: Borislav Petkov <bp@alien8.de>
To: Andy Lutomirski <luto@kernel.org>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
John Stultz <john.stultz@linaro.org>
Subject: Re: [RFC PATCH 4/4] x86/TSC: Use RDTSCP
Date: Wed, 12 Dec 2018 19:44:59 +0100 [thread overview]
Message-ID: <20181212184459.GE6653@zn.tnic> (raw)
In-Reply-To: <CALCETrWSG5825HrxwEJGqbSoRz=A_2O-GSBD+K_q9YPHu2TB6A@mail.gmail.com>
On Wed, Dec 12, 2018 at 10:07:03AM -0800, Andy Lutomirski wrote:
> You're proving my point, I think. CPUID, IRET, MOV to CR, etc are
> "serializing". LFENCE, on many CPUd and depending on MSRs, is a
> different kind of serializing. MFENCE is something else. All LOCK
> instructions are some kind of barrier, but I don't think anyone calls
> them "serializing".
Yeah, peterz and I hashed it out a bit today on IRC about the different
meanings of serializing. I see your point now.
> The uaccess users of barrier_nospec() are presumably looking for a
> speculation barrier in the sense of "CPU, please don't execute the
> code after this until you're sure that this code should be executed
> for real and until all inputs are known, not guessed."
Yeah, I believe AMD's paper has this nicely written:
"MITIGATION G-2
Description: Set an MSR in the processor so that LFENCE is a dispatch
serializing instruction and then use LFENCE in code streams to
serialize dispatch (LFENCE is faster than RDTSCP which is also dispatch
serializing). This mode of LFENCE may be enabled by setting MSR
C001_1029[1]=1.
Effect: Upon encountering an LFENCE when the MSR bit is set, dispatch
will stop until the LFENCE instruction becomes the oldest instruction in
the machine."
https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf
which is basically what you want for the whole mitigation crap if you
want to kill speculation - you simply hold dispatch until the LFENCE
retires.
> The property I want for RDTSC ordering is much weaker: I want it to be
> ordered like a load. Imagine that, instead of an on-chip TSC, the TSC
> is literally a location in main memory that gets incremented by an
> extra dedicated CPU every nanosecond or so. I want users of RDTSC to
> work as if they were reading such a location in memory using an
> ordinary load. I believe this gives the real desired property that it
> should be impossible to observe the TSC going backwards. This is a
> much weaker form of serialization.
Well, in that case you need something new.
Because, the moment you have a RDTSC in flight and a second RDTSC comes
in and that second RDTSC must *not* bypass the first one and execute
earlier due to OoO, you need to impose some ordering. And that's pretty
much uarch-dependent, I'd say.
And I guess on AMD the way to do that is to stop dispatch until the
first RDTSC retires.
Can it be done faster? Sure. And I'm pretty sure there's a lot of pesky
little hw details we're not even hearing of, which get in the way.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
next prev parent reply other threads:[~2018-12-12 18:45 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-11 22:23 [RFC PATCH 0/4] x86/alternative: Add ALTERNATIVE_3 Borislav Petkov
2018-12-11 22:23 ` [RFC PATCH 1/4] x86/alternatives: Add macro comments Borislav Petkov
2019-01-16 11:57 ` [tip:x86/alternatives] " tip-bot for Borislav Petkov
2018-12-11 22:23 ` [RFC PATCH 2/4] x86/alternatives: Print containing function Borislav Petkov
2019-01-16 11:58 ` [tip:x86/alternatives] " tip-bot for Borislav Petkov
2018-12-11 22:23 ` [RFC PATCH 3/4] x86/alternatives: Add an ALTERNATIVE_3() macro Borislav Petkov
2019-01-16 11:59 ` [tip:x86/alternatives] " tip-bot for Borislav Petkov
2018-12-11 22:23 ` [RFC PATCH 4/4] x86/TSC: Use RDTSCP Borislav Petkov
2018-12-11 22:59 ` Andy Lutomirski
2018-12-11 23:12 ` Lendacky, Thomas
2018-12-11 23:39 ` Borislav Petkov
2018-12-12 2:24 ` Andy Lutomirski
2018-12-12 9:59 ` Peter Zijlstra
2018-12-12 12:02 ` Andrea Parri
2018-12-12 10:08 ` Borislav Petkov
2018-12-12 18:07 ` Andy Lutomirski
2018-12-12 18:44 ` Borislav Petkov [this message]
2018-12-12 18:50 ` Andy Lutomirski
2018-12-12 20:00 ` Borislav Petkov
2018-12-12 20:09 ` Andy Lutomirski
2018-12-12 20:29 ` Borislav Petkov
2018-12-14 13:39 ` David Laight
2018-12-15 18:53 ` Andy Lutomirski
2018-12-12 14:15 ` Lendacky, Thomas
2018-12-12 14:18 ` Lendacky, Thomas
2018-12-11 23:37 Alexey Dobriyan
2018-12-11 23:43 ` Borislav Petkov
2018-12-12 0:06 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181212184459.GE6653@zn.tnic \
--to=bp@alien8.de \
--cc=Thomas.Lendacky@amd.com \
--cc=hpa@zytor.com \
--cc=john.stultz@linaro.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.