linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Tycho Andersen <tycho@tycho.ws>
To: Khalid Aziz <khalid.aziz@oracle.com>
Cc: "Stecklina, Julian" <jsteckli@amazon.de>,
	"juerg.haefliger@hpe.com" <juerg.haefliger@hpe.com>,
	"deepa.srinivasan@oracle.com" <deepa.srinivasan@oracle.com>,
	"jmattson@google.com" <jmattson@google.com>,
	"andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>,
	"Woodhouse, David" <dwmw@amazon.co.uk>,
	"torvalds@linux-foundation.org" <torvalds@linux-foundation.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"boris.ostrovsky@oracle.com" <boris.ostrovsky@oracle.com>,
	"pradeep.vincent@oracle.com" <pradeep.vincent@oracle.com>,
	"konrad.wilk@oracle.com" <konrad.wilk@oracle.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"kanth.ghatraju@oracle.com" <kanth.ghatraju@oracle.com>,
	"joao.m.martins@oracle.com" <joao.m.martins@oracle.com>,
	"liran.alon@oracle.com" <liran.alon@oracle.com>,
	"ak@linux.intel.com" <ak@linux.intel.com>,
	"keescook@google.com" <keescook@google.com>,
	"kernel-hardening@lists.openwall.com" 
	<kernel-hardening@lists.openwall.com>,
	"chris.hyser@oracle.com" <chris.hyser@oracle.com>,
	"tyhicks@canonical.com" <tyhicks@canonical.com>,
	"john.haxby@oracle.com" <john.haxby@oracle.com>,
	"jcm@redhat.com" <jcm@redhat.com>
Subject: Re: Redoing eXclusive Page Frame Ownership (XPFO) with isolated CPUs in mind (for KVM to isolate its guests per CPU)
Date: Wed, 24 Oct 2018 16:00:29 +0100	[thread overview]
Message-ID: <20181024150029.GB9019@cisco> (raw)
In-Reply-To: <6cc985bb-6aed-4fb7-0ef2-43aad2717095@oracle.com>

On Wed, Oct 24, 2018 at 04:30:42PM +0530, Khalid Aziz wrote:
> On 10/15/2018 01:37 PM, Khalid Aziz wrote:
> > On 09/24/2018 08:45 AM, Stecklina, Julian wrote:
> > > I didn't test the version with TLB flushes, because it's clear that the
> > > overhead is so bad that no one wants to use this.
> > 
> > I don't think we can ignore the vulnerability caused by not flushing
> > stale TLB entries. On a mostly idle system, TLB entries hang around long
> > enough to make it fairly easy to exploit this. I was able to use the
> > additional test in lkdtm module added by this patch series to
> > successfully read pages unmapped from physmap by just waiting for system
> > to become idle. A rogue program can simply monitor system load and mount
> > its attack using ret2dir exploit when system is mostly idle. This brings
> > us back to the prohibitive cost of TLB flushes. If we are unmapping a
> > page from physmap every time the page is allocated to userspace, we are
> > forced to incur the cost of TLB flushes in some way. Work Tycho was
> > doing to implement Dave's suggestion can help here. Once Tycho has
> > something working, I can measure overhead on my test machine. Tycho, I
> > can help with your implementation if you need.
> 
> I looked at Tycho's last patch with batch update from
> <https://lkml.org/lkml/2017/11/9/951>. I ported it on top of Julian's
> patches and got it working well enough to gather performance numbers. Here
> is what I see for system times on a machine with dual Xeon E5-2630 and 256GB
> of memory when running "make -j30 all" on 4.18.6 kernel (percentages are
> relative to base 4.19-rc8 kernel without xpfo):
> 
> 
> Base 4.19-rc8				913.84s
> 4.19-rc8 + xpfo, no TLB flush		1027.985s (+12.5%)
> 4.19-rc8 + batch update, no TLB flush	970.39s (+6.2%)
> 4.19-rc8 + xpfo, TLB flush		8458.449s (+825.6%)
> 4.19-rc8 + batch update, TLB flush	4665.659s (+410.6%)
> 
> Batch update is significant improvement but we are starting so far behind
> baseline, it is still a huge slow down.

There's some other stuff that Dave suggested that I didn't do; in
particular coalesce xpfo bits instead of setting things once per page
when mappings are shared, etc.

Perhaps that will help more?

I'm still stuck working on something else for now, but I hope to be
able to participate more on this Soon (TM). Thanks for the testing!

Tycho

  reply	other threads:[~2018-10-24 15:00 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-20 21:25 Redoing eXclusive Page Frame Ownership (XPFO) with isolated CPUs in mind (for KVM to isolate its guests per CPU) Konrad Rzeszutek Wilk
2018-08-20 21:48 ` Linus Torvalds
     [not found]   ` <1534801939.10027.24.camel@amazon.co.uk>
2018-08-20 22:18     ` Kees Cook
2018-08-20 22:27     ` Linus Torvalds
2018-08-20 22:35       ` Tycho Andersen
2018-08-20 22:59         ` Dave Hansen
2018-08-20 23:14           ` David Woodhouse
2018-08-20 23:26             ` Dave Hansen
2018-08-20 23:38               ` Linus Torvalds
2018-08-21  9:57       ` David Woodhouse
2018-08-21 14:01         ` Liran Alon
2018-08-21 14:22           ` David Woodhouse
2018-08-21 23:04             ` Liran Alon
2018-08-30 16:00       ` Julian Stecklina
2018-08-31 15:26         ` Tycho Andersen
2018-09-01 21:38         ` Linus Torvalds
2018-09-03 14:51           ` Julian Stecklina
2018-09-12 15:37             ` Julian Stecklina
2018-09-13  6:11               ` Juerg Haefliger
2018-09-17 10:01                 ` Julian Stecklina
2018-09-17 10:19                   ` Tycho Andersen
2018-09-17 13:27                   ` Christoph Hellwig
2018-09-14 17:06               ` Khalid Aziz
2018-09-17  9:51                 ` Julian Stecklina
2018-09-18 23:00                   ` Khalid Aziz
2018-09-24 14:45                     ` Stecklina, Julian
2018-10-15  8:07                       ` Khalid Aziz
2018-10-24 11:00                         ` Khalid Aziz
2018-10-24 15:00                           ` Tycho Andersen [this message]
2018-09-03 15:26           ` Andi Kleen
2018-09-04  9:37             ` Julian Stecklina
     [not found]           ` <CACfEFw_h5uup-anKZwfBcWMJB7gHxb9NEPTRSUAY0+t11RiQbg@mail.gmail.com>
2018-09-03 15:36             ` Andi Kleen
2018-09-07 21:30         ` Khalid Aziz
2018-08-31  8:43     ` James Bottomley
2018-09-19  1:03     ` Balbir Singh
2018-09-19 15:43       ` Jonathan Adams
2018-09-23  2:33         ` Balbir Singh
2018-09-25 14:12           ` Stecklina, Julian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181024150029.GB9019@cisco \
    --to=tycho@tycho.ws \
    --cc=ak@linux.intel.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=chris.hyser@oracle.com \
    --cc=deepa.srinivasan@oracle.com \
    --cc=dwmw@amazon.co.uk \
    --cc=jcm@redhat.com \
    --cc=jmattson@google.com \
    --cc=joao.m.martins@oracle.com \
    --cc=john.haxby@oracle.com \
    --cc=jsteckli@amazon.de \
    --cc=juerg.haefliger@hpe.com \
    --cc=kanth.ghatraju@oracle.com \
    --cc=keescook@google.com \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=khalid.aziz@oracle.com \
    --cc=konrad.wilk@oracle.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=liran.alon@oracle.com \
    --cc=pradeep.vincent@oracle.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=tyhicks@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).