From: Mark Rutland <mark.rutland@arm.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Kees Cook <keescook@chromium.org>,
Peter Zijlstra <peterz@infradead.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
kernel list <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]
Date: Fri, 28 Oct 2016 10:51:41 +0100 [thread overview]
Message-ID: <20161028095141.GA5806@leverpostej> (raw)
In-Reply-To: <20161027212747.GA18147@amd>
Hi,
I missed the original, so I've lost some context.
Has this been tested on a system vulnerable to rowhammer, and if so, was
it reliable in mitigating the issue?
Which particular attack codebase was it tested against?
On Thu, Oct 27, 2016 at 11:27:47PM +0200, Pavel Machek wrote:
> --- /dev/null
> +++ b/kernel/events/nohammer.c
> @@ -0,0 +1,66 @@
> +/*
> + * Thanks to Peter Zijlstra <peterz@infradead.org>.
> + */
> +
> +#include <linux/perf_event.h>
> +#include <linux/module.h>
> +#include <linux/delay.h>
> +
> +struct perf_event_attr rh_attr = {
> + .type = PERF_TYPE_HARDWARE,
> + .config = PERF_COUNT_HW_CACHE_MISSES,
> + .size = sizeof(struct perf_event_attr),
> + .pinned = 1,
> + /* FIXME: it is 1000000 per cpu. */
> + .sample_period = 500000,
> +};
I'm not sure that this is general enough to live in core code, because:
* there are existing ways around this (e.g. in the drammer case, using a
non-cacheable mapping, which I don't believe would count as a cache
miss).
Given that, I'm very worried that this gives the false impression of
protection in cases where a software workaround of this sort is
insufficient or impossible.
* the precise semantics of performance counter events varies drastically
across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to
one particular level of cache, and/or may not be implemented on all
cores.
* On some implementations, it may be that the counters are not
interchangeable, and for those this would take away
PERF_COUNT_HW_CACHE_MISSES from existing users.
> +static DEFINE_PER_CPU(struct perf_event *, rh_event);
> +static DEFINE_PER_CPU(u64, rh_timestamp);
> +
> +static void rh_overflow(struct perf_event *event, struct perf_sample_data *data, struct pt_regs *regs)
> +{
> + u64 *ts = this_cpu_ptr(&rh_timestamp); /* this is NMI context */
> + u64 now = ktime_get_mono_fast_ns();
> + s64 delta = now - *ts;
> +
> + *ts = now;
> +
> + /* FIXME msec per usec, reverse logic? */
> + if (delta < 64 * NSEC_PER_MSEC)
> + mdelay(56);
> +}
If I round-robin my attack across CPUs, how much does this help?
Thanks,
Mark.
next prev parent reply other threads:[~2016-10-28 9:51 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-26 20:54 Getting interrupt every million cache misses Pavel Machek
2016-10-27 8:28 ` Peter Zijlstra
2016-10-27 8:46 ` Pavel Machek
2016-10-27 9:15 ` Peter Zijlstra
2016-10-27 9:11 ` Pavel Machek
2016-10-27 9:33 ` Peter Zijlstra
2016-10-27 20:40 ` [kernel-hardening] " Kees Cook
2016-10-27 20:40 ` Kees Cook
2016-10-27 21:27 ` [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses] Pavel Machek
2016-10-27 21:27 ` Pavel Machek
2016-10-28 7:07 ` [kernel-hardening] " Ingo Molnar
2016-10-28 7:07 ` Ingo Molnar
2016-10-28 8:50 ` [kernel-hardening] " Pavel Machek
2016-10-28 8:50 ` Pavel Machek
2016-10-28 8:59 ` [kernel-hardening] " Ingo Molnar
2016-10-28 8:59 ` Ingo Molnar
2016-10-28 11:55 ` [kernel-hardening] " Pavel Machek
2016-10-28 11:55 ` Pavel Machek
2016-10-28 9:04 ` [kernel-hardening] " Peter Zijlstra
2016-10-28 9:04 ` Peter Zijlstra
2016-10-28 9:27 ` [kernel-hardening] " Vegard Nossum
2016-10-28 9:27 ` Vegard Nossum
2016-10-28 9:35 ` [kernel-hardening] " Ingo Molnar
2016-10-28 9:35 ` Ingo Molnar
2016-10-28 9:47 ` [kernel-hardening] " Vegard Nossum
2016-10-28 9:47 ` Vegard Nossum
2016-10-28 9:53 ` [kernel-hardening] " Mark Rutland
2016-10-28 11:27 ` Pavel Machek
2016-10-28 11:27 ` Pavel Machek
2016-10-28 9:51 ` Mark Rutland [this message]
2016-10-28 11:21 ` [kernel-hardening] " Pavel Machek
2016-10-28 14:05 ` Mark Rutland
2016-10-28 14:18 ` Peter Zijlstra
2016-10-28 18:30 ` Pavel Machek
2016-10-28 18:48 ` Peter Zijlstra
2016-11-02 18:13 ` Pavel Machek
2016-10-28 17:27 ` Pavel Machek
2016-10-29 13:06 ` Daniel Gruss
2016-10-29 19:42 ` Pavel Machek
2016-10-29 20:05 ` Daniel Gruss
2016-10-29 20:14 ` Daniel Gruss
2016-10-29 21:05 ` Pavel Machek
2016-10-29 21:07 ` Daniel Gruss
2016-10-29 21:45 ` Pavel Machek
2016-10-29 21:49 ` Daniel Gruss
2016-10-29 22:01 ` Pavel Machek
2016-10-29 22:02 ` Daniel Gruss
2016-10-31 8:27 ` Pavel Machek
2016-10-31 14:47 ` Mark Rutland
2016-10-31 21:13 ` Pavel Machek
2016-10-31 22:09 ` Mark Rutland
2016-11-01 6:33 ` Ingo Molnar
2016-11-01 7:20 ` Daniel Micay
2016-11-01 7:53 ` Daniel Gruss
2016-11-01 8:10 ` Pavel Machek
2016-11-01 8:13 ` Daniel Gruss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161028095141.GA5806@leverpostej \
--to=mark.rutland@arm.com \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pavel@ucw.cz \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.