From: Pavel Machek <pavel@suse.cz>
To: Arjan van de Ven <arjan@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>,
Stephane Eranian <eranian@googlemail.com>,
Eric Dumazet <dada1@cosmosbay.com>,
Robert Richter <robert.richter@amd.com>,
Peter Anvin <hpa@zytor.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Paul Mackerras <paulus@samba.org>,
"David S. Miller" <davem@davemloft.net>,
perfctr-devel@lists.sourceforge.net
Subject: Re: [patch] Performance Counters for Linux, v4
Date: Tue, 16 Dec 2008 21:04:28 +0100 [thread overview]
Message-ID: <20081216200427.GA1890@ucw.cz> (raw)
In-Reply-To: <20081216141330.1943c30d@infradead.org>
On Tue 2008-12-16 14:13:30, Arjan van de Ven wrote:
> On Tue, 16 Dec 2008 14:03:02 +0100
> Ingo Molnar <mingo@elte.hu> wrote:
>
> > > > - plus you have to forbid SMT CPUs as well. On HT a task could
> > > > co-schedule with your setuid task and observe its timing
> > > > characteristics via its _own_ behavior. (which is impacted by
> > > > whatever is running on another SMT/HT thread.)
> > >
> > > Yes, SMT is evil.
> >
> > HT got added back to Nehalem, so SMT is coming to you in every future
> > x86 CPU. It brings a serious performance win, so nobody will turn
> > off
Fortunately, Intel is not the only x86 vendor :-).
> > SMT threading in practice. If SMT worries you, it needs explicit
> > partitioning of security-relevant processing to different physical
> > CPUs, via cgroups/cpusets/etc.
I guess we should refuse to run threads from different uids on one
physical core...
> and/or you use properly implemented crypto code (see Bruce Schneider's
> books). The timing "problem" isn't really SMT specific. If you have
> improperly implemented crypto (eg crypto code where the code paths and
> not just the data payload are key dependent) then on any system with
> more than one (logical) processor there is interference that an
> attacker can use.
>
> The only possible answer is to use proper implementation; turning off HT
> may make you feel good but you go from shoddy crypto for which there is
> some internet papers on how to crack it, to shoddy crypto for which the
> same papers apply ;)
It is not only timing. If attacker has access to detailed cache miss
statistics, things are easier for him... I probably should review the
books, but even if code paths are key-independend (hard), you'll get
timing differences due to [data] cache misses...?
Ok, this is getting off-topic.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2008-12-16 20:04 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-14 21:28 [patch] Performance Counters for Linux, v4 Ingo Molnar
2008-12-15 11:59 ` Paul Mackerras
2008-12-15 12:11 ` Paul Mackerras
2008-12-16 14:22 ` Peter Zijlstra
2008-12-16 23:06 ` Paul Mackerras
2008-12-16 23:51 ` Ingo Molnar
2008-12-17 1:55 ` Andi Kleen
2009-01-16 18:01 ` Corey Ashford
2009-01-16 22:14 ` Maynard Johnson
2009-01-16 23:11 ` Ingo Molnar
2009-01-17 1:26 ` Paul Mackerras
2009-01-17 9:53 ` Andi Kleen
2008-12-17 2:23 ` [Perfctr-devel] " Dan Terpstra
2008-12-17 7:34 ` stephane eranian
2008-12-15 17:44 ` Vince Weaver
2008-12-15 21:07 ` Vince Weaver
2008-12-15 22:13 ` Paul Mackerras
2008-12-15 21:42 ` Paul Mackerras
2008-12-15 22:03 ` stephane eranian
2008-12-16 14:42 ` Peter Zijlstra
2008-12-16 16:55 ` Vince Weaver
2008-12-16 21:52 ` Paul Mackerras
2008-12-16 12:22 ` Pavel Machek
2008-12-16 12:50 ` Ingo Molnar
2008-12-16 12:57 ` Pavel Machek
2008-12-16 13:03 ` Ingo Molnar
2008-12-16 13:13 ` Arjan van de Ven
2008-12-16 20:04 ` Pavel Machek [this message]
2008-12-16 14:45 ` Peter Zijlstra
2008-12-16 15:46 ` [Perfctr-devel] " Martin Cracauer
2008-12-16 17:38 ` Vince Weaver
2008-12-16 19:47 ` Corey Ashford
2008-12-16 20:55 ` Vince Weaver
2008-12-16 19:56 ` [Perfctr-devel] " William Cohen
2008-12-17 1:51 ` Andi Kleen
2008-12-17 1:56 ` Samuel Thibault
[not found] ` <d484eb1f0812162357n7a851f2fncc0abaae9bd293a4@mail.gmail.com>
2008-12-17 9:18 ` Andi Kleen
[not found] ` <d484eb1f0812170611s597e014cl5fb98d6dd81afd49@mail.gmail.com>
2008-12-17 15:06 ` Andi Kleen
2008-12-17 16:00 ` William Cohen
2008-12-17 20:53 ` Corey Ashford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081216200427.GA1890@ucw.cz \
--to=pavel@suse.cz \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=eranian@googlemail.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=paulus@samba.org \
--cc=perfctr-devel@lists.sourceforge.net \
--cc=robert.richter@amd.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.