From: Pavel Machek <pavel@ucw.cz>
To: Thomas Gleixner <tglx@linutronix.de>, corbet@lwn.net
Cc: LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
x86@kernel.org, Peter Zijlstra <peterz@infradead.org>,
Jiri Kosina <jkosina@suse.cz>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Greg KH <gregkh@linuxfoundation.org>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
David Woodhouse <dwmw2@infradead.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Joerg Roedel <joro@8bytes.org>, Tony Luck <tony.luck@intel.com>,
Salvatore Bonaccorso <carnil@debian.org>,
linux-doc@vger.kernel.org
Subject: Re: [patch] Fix up l1ft documentation was Re: Taking a break - time to look back
Date: Mon, 11 Mar 2019 11:21:10 +0100 [thread overview]
Message-ID: <20190311102109.GA14118@amd> (raw)
In-Reply-To: <20190102235152.GA24163@amd>
[-- Attachment #1: Type: text/plain, Size: 4094 bytes --]
Ping? Jonathan, can you pick this up?
Pavel
On Thu 2019-01-03 00:51:52, Pavel Machek wrote:
> Hi!
>
> > The next round of speculation-related issues including the scary L1TF
> > hardware bug was a way more "pleasant" experience to work on. While for
> > obvious reasons the mitigation development happened behind closed doors in
> > a smaller group of people, we were at least able to collaborate in a way
> > which is somehow close to what we are used to.
>
> Ok, I guess L1TF was a lot of fun, and there was not time for a good
> documentation.
>
> There's admin guide that is written as an advertisment, and
> unfortunately is slightly "inaccurate" at places (to the point of
> lying).
>
> Plus, I believe it should go to x86/ directory, as this is really
> Intel issue, and not anything ARM (or RISC-V) people need to
> know. (But we already have some urls in printk messages that may need
> fixing up..?)
>
> Signed-off-by: Pavel Machek <pavel@ucw.cz>
>
> diff --git a/Documentation/admin-guide/l1tf.rst b/Documentation/admin-guide/l1tf.rst
> index b85dd80..05c5422 100644
> --- a/Documentation/admin-guide/l1tf.rst
> +++ b/Documentation/admin-guide/l1tf.rst
> @@ -1,10 +1,11 @@
> L1TF - L1 Terminal Fault
> ========================
>
> -L1 Terminal Fault is a hardware vulnerability which allows unprivileged
> -speculative access to data which is available in the Level 1 Data Cache
> -when the page table entry controlling the virtual address, which is used
> -for the access, has the Present bit cleared or other reserved bits set.
> +L1 Terminal Fault is a hardware vulnerability on most recent Intel x86
> +CPUs which allows unprivileged speculative access to data which is
> +available in the Level 1 Data Cache when the page table entry
> +controlling the virtual address, which is used for the access, has the
> +Present bit cleared or other reserved bits set.
>
> Affected processors
> -------------------
> @@ -76,12 +77,14 @@ Attack scenarios
> deterministic and more practical.
>
> The Linux kernel contains a mitigation for this attack vector, PTE
> - inversion, which is permanently enabled and has no performance
> - impact. The kernel ensures that the address bits of PTEs, which are not
> - marked present, never point to cacheable physical memory space.
> + inversion, which is permanently enabled and has no measurable
> + performance impact in most configurations. The kernel ensures that
> + the address bits of PTEs, which are not marked present, never point
> + to cacheable physical memory space. On x86-32, this physical memory
> + needs to be limited to 2GiB to make mitigation effective.
>
> - A system with an up to date kernel is protected against attacks from
> - malicious user space applications.
> + Mitigation is present in kernels v4.19 and newer, and in
> + recent -stable kernels.
>
> 2. Malicious guest in a virtual machine
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> @@ -405,6 +408,9 @@ time with the option "l1tf=". The valid arguments for this option are:
>
> off Disables hypervisor mitigations and doesn't emit any
> warnings.
> + It also drops the swap size and available RAM limit restrictions
> + on both hypervisor and bare metal.
> +
> ============ =============================================================
>
> The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`.
> @@ -576,7 +582,8 @@ Default mitigations
> The kernel default mitigations for vulnerable processors are:
>
> - PTE inversion to protect against malicious user space. This is done
> - unconditionally and cannot be controlled.
> + unconditionally and cannot be controlled. The swap storage is limited
> + to ~16TB.
>
> - L1D conditional flushing on VMENTER when EPT is enabled for
> a guest.
>
>
>
>
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2019-03-11 10:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-20 0:46 Taking a break - time to look back Thomas Gleixner
2018-12-20 5:26 ` Willy Tarreau
2019-01-02 23:51 ` [patch] Fix up l1ft documentation was " Pavel Machek
2019-03-11 10:21 ` Pavel Machek [this message]
2019-03-11 13:05 ` Thomas Gleixner
2019-03-11 13:13 ` Pavel Machek
2019-03-11 22:31 ` Thomas Gleixner
2019-03-12 11:57 ` Pavel Machek
2019-03-24 20:41 ` Thomas Gleixner
2019-08-28 22:18 ` Pavel Machek
2019-03-11 14:38 ` Jonathan Corbet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190311102109.GA14118@amd \
--to=pavel@ucw.cz \
--cc=carnil@debian.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=jkosina@suse.cz \
--cc=joro@8bytes.org \
--cc=jpoimboe@redhat.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).