Date: Mon, 2 Nov 2020 19:20:10 -0500
From: Joel Fernandes
To: Randy Dunlap
Cc: Nishanth Aravamudan, Julien Desfossez, Peter Zijlstra, Tim Chen,
    Vineeth Pillai, Aaron Lu, Aubrey Li, tglx@linutronix.de,
    linux-kernel@vger.kernel.org, mingo@kernel.org,
    torvalds@linux-foundation.org, fweisbec@gmail.com,
    keescook@chromium.org, kerrnel@google.com, Phil Auld,
    Valentin Schneider, Mel Gorman, Pawan Gupta, Paolo Bonzini,
    vineeth@bitbyteword.org, Chen Yu, Christian Brauner, Agata Gruza,
    Antonio Gomez Iglesias, graf@amazon.com, konrad.wilk@oracle.com,
    dfaggioli@suse.com, pjt@google.com, rostedt@goodmis.org,
    derkling@google.com, benbjiang@tencent.com, Alexandre Chartre,
    James.Bottomley@hansenpartnership.com, OWeisse@umich.edu,
    Dhaval Giani, Junaid Shahid, jsbarnes@google.com,
    chris.hyser@oracle.com, Aubrey Li, Tim Chen, "Paul E . McKenney"
Subject: Re: [PATCH v8 -tip 13/26] kernel/entry: Add support for core-wide protection of kernel-mode
Message-ID: <20201103002010.GC595952@google.com>
References: <20201020014336.2076526-1-joel@joelfernandes.org> <20201020014336.2076526-14-joel@joelfernandes.org> <13fac0b7-37cb-7313-efb6-ebe166121f8f@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <13fac0b7-37cb-7313-efb6-ebe166121f8f@infradead.org>
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 19, 2020 at 08:41:04PM -0700, Randy Dunlap wrote:
> On 10/19/20 6:43 PM, Joel Fernandes (Google) wrote:
> >
> > ---
> > .../admin-guide/kernel-parameters.txt | 7 +
> > include/linux/entry-common.h | 2 +-
> > include/linux/sched.h | 12 +
> > kernel/entry/common.c | 25 +-
> > kernel/sched/core.c | 229 ++++++++++++++++++
> > kernel/sched/sched.h | 3 +
> > 6 files changed, 275 insertions(+), 3 deletions(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 3236427e2215..48567110f709 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -4678,6 +4678,13 @@
> > sbni= [NET] Granch SBNI12 leased line adapter
> > + sched_core_protect_kernel=
>
> Needs a list of possible values after '=', along with telling us
> what the default value/setting is.

Ok, I made it the following:

        sched_core_protect_kernel=
                        [SCHED_CORE] Pause SMT siblings of a core running in
                        user mode, if at least one of the siblings of the core
                        is running in kernel mode. This is to guarantee that
                        kernel data is not leaked to tasks which are not trusted
                        by the kernel. A value of 0 disables protection, 1
                        enables protection. The default is 1.

thanks,

 - Joel

> > + [SCHED_CORE] Pause SMT siblings of a core running in
> > + user mode, if at least one of the siblings of the core
> > + is running in kernel mode. This is to guarantee that
> > + kernel data is not leaked to tasks which are not trusted
> > + by the kernel.
> > +
> >
> thanks.
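
Review bot: In the kernel-parameters.txt hunk, the new sched_core_protect_kernel= entry as posted lists neither the accepted values nor the default, and its opening sentence is ambiguous about what is in user mode: "Pause SMT siblings of a core running in user mode" can be read as the core, rather than the sibling being paused, running in user mode. The revised wording in the reply covers the values (0 disables, 1 enables, default 1). I would also reword the opening along the lines of "Pause SMT siblings that are running in user mode while at least one sibling of the same core is running in kernel mode", and say next to the 0 setting that it gives up the stated protection against kernel data leaking to tasks the kernel does not trust.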