From: "Singh, Balbir" <sblbir@amazon.com>
To: "tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"torvalds@linux-foundation.org" <torvalds@linux-foundation.org>,
"jpoimboe@redhat.com" <jpoimboe@redhat.com>,
"x86@kernel.org" <x86@kernel.org>,
"tony.luck@intel.com" <tony.luck@intel.com>,
"dave.hansen@intel.com" <dave.hansen@intel.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"benh@kernel.crashing.org" <benh@kernel.crashing.org>
Subject: Re: [PATCH v4 0/5] Next revision of the L1D flush patches
Date: Mon, 25 Jan 2021 09:27:38 +0000 [thread overview]
Message-ID: <cf89f0389379daaaff0cbce9c5f1550866e55e91.camel@amazon.com> (raw)
In-Reply-To: <20210108121056.21940-1-sblbir@amazon.com>
On Fri, 2021-01-08 at 23:10 +1100, Balbir Singh wrote:
> Implement a mechanism that allows tasks to conditionally flush
> their L1D cache (mitigation mechanism suggested in [2]). The previous
> posts of these patches were sent for inclusion (see [3]) and were not
> included due to the concern for the need for additional checks,
> those checks were:
>
> 1. Implement this mechanism only for CPUs affected by the L1TF bug
> 2. Disable the software fallback
> 3. Provide an override to enable this mechanism
> 4. Be SMT aware in the implementation
>
> The patches support a use case where the entire system is not in
> non SMT mode, but rather a few CPUs can have their SMT turned off
> and processes that want to opt-in are expected to run on non SMT
> cores. This gives the administrator complete control over setting
> up the mitigation for the issue. In addition, the administrator
> has a boot time override (l1d_flush=on) to turn on the mechanism
> without which this mechanism will not work.
>
> To implement these efficiently, a new per cpu view of whether the core
> is in SMT mode or not is implemented in patch 1. The code is refactored
> in patch 2 so that the existing code can allow for other speculation
> related checks when switching mm between tasks, this mechanism has not
> changed since the last post. The ability to flush L1D for tasks if the
> TIF_SPEC_L1D_FLUSH bit is set and the task has context switched out of a
> non SMT core is provided by patch 3. Hooks for the user space API, for
> this feature to be invoked via prctl are provided in patch 4, along with
> the checks described above (1, 2, and 3). Documentation updates are in
> patch 5, with updates on l1d_flush, the prctl changes and updates to the
> kernel-parameters (l1d_flush_out).
>
> The checks for opting into L1D flushing are:
> a. If the CPU is affected by L1TF
> b. Hardware L1D flush mechanism is available
>
> A task running on a core with SMT enabled and opting into this feature will
> receive a SIGBUS.
>
> References
> [1] https://software.intel.com/security-software-guidance/software-guidance/snoop-assisted-l1-data-sampling
> [2] https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
> [3] https://lkml.org/lkml/2020/6/2/1150
> [4] https://lore.kernel.org/lkml/20200729001103.6450-1-sblbir@amazon.com/
> [5] https://lore.kernel.org/lkml/20201117234934.25985-2-sblbir@amazon.com/
>
> Reviewers guide to v4
> - The key patch in the series and most of the changes to this
> revision are to patch 4. patches 3 and 5 have been modified
> to keep them consistent with the changes to patch 4.
>
> Changelog v4:
> - Use a static key to enable the mechanism (remove overheads)
> - By default have the mechanism turned off, so there are two
> opt-ins needed, one by the administrator at boot time, second
> by the application
> - Rename l1d_flush_out/L1D_FLUSH_OUT to l1d_flush/L1D_FLUSH
> - Implement other review recommendations
> Changelog v3:
> - Implement the SIGBUS mechansim
> - Update and fix the documentation
>
>
> Balbir Singh (5):
> x86/smp: Add a per-cpu view of SMT state
> x86/mm: Refactor cond_ibpb() to support other use cases
> x86/mm: Optionally flush L1D on context switch
> prctl: Hook L1D flushing in via prctl
> Documentation: Add L1D flushing Documentation
>
> Documentation/admin-guide/hw-vuln/index.rst | 1 +
> .../admin-guide/hw-vuln/l1d_flush.rst | 70 +++++++++++++++
> .../admin-guide/kernel-parameters.txt | 17 ++++
> Documentation/userspace-api/spec_ctrl.rst | 8 ++
> arch/Kconfig | 4 +
> arch/x86/Kconfig | 1 +
> arch/x86/include/asm/cacheflush.h | 8 ++
> arch/x86/include/asm/nospec-branch.h | 2 +
> arch/x86/include/asm/processor.h | 2 +
> arch/x86/include/asm/thread_info.h | 6 +-
> arch/x86/include/asm/tlbflush.h | 2 +-
> arch/x86/kernel/cpu/bugs.c | 71 +++++++++++++++
> arch/x86/kernel/smpboot.c | 10 ++-
> arch/x86/mm/tlb.c | 88 ++++++++++++++-----
> include/linux/sched.h | 10 +++
> include/uapi/linux/prctl.h | 1 +
> 16 files changed, 273 insertions(+), 28 deletions(-)
> create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst
>
Ping on any review comments? Suggested refactoring?
Balbir Singh
next prev parent reply other threads:[~2021-01-25 9:45 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-08 12:10 [PATCH v4 0/5] Next revision of the L1D flush patches Balbir Singh
2021-01-08 12:10 ` [PATCH v4 1/5] x86/smp: Add a per-cpu view of SMT state Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] " tip-bot2 for Balbir Singh
2021-01-08 12:10 ` [PATCH v4 2/5] x86/mm: Refactor cond_ibpb() to support other use cases Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] " tip-bot2 for Balbir Singh
2021-01-08 12:10 ` [PATCH v4 3/5] x86/mm: Optionally flush L1D on context switch Balbir Singh
2021-01-08 12:10 ` [PATCH v4 4/5] prctl: Hook L1D flushing in via prctl Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] x86, " tip-bot2 for Balbir Singh
2021-01-08 12:10 ` [PATCH v4 5/5] Documentation: Add L1D flushing Documentation Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] " tip-bot2 for Balbir Singh
2021-01-25 9:27 ` Singh, Balbir [this message]
2021-04-08 20:23 ` [PATCH v4 0/5] Next revision of the L1D flush patches Kees Cook
[not found] ` <87y2d5tpjh.ffs@nanos.tec.linutronix.de>
2021-04-26 22:24 ` Thomas Gleixner
2021-04-28 20:08 ` Kees Cook
2021-06-04 10:06 ` Balbir Singh
2021-06-04 19:09 ` Kees Cook
2021-05-13 1:06 ` Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] x86/mm: Prepare for opt-in based L1D flush in switch_mm() tip-bot2 for Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] x86/process: Make room for TIF_SPEC_L1D_FLUSH tip-bot2 for Balbir Singh
2021-07-28 9:58 ` [tip: x86/cpu] sched: Add task_work callback for paranoid L1D flush tip-bot2 for Balbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf89f0389379daaaff0cbce9c5f1550866e55e91.camel@amazon.com \
--to=sblbir@amazon.com \
--cc=benh@kernel.crashing.org \
--cc=dave.hansen@intel.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).