[MODERATED] Re: GPZv4 - Konrad Rzeszutek Wilk

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: GPZv4
Date: Tue, 17 Apr 2018 22:48:22 -0400	[thread overview]
Message-ID: <20180418024816.GA6450@localhost.localdomain> (raw)
In-Reply-To: <67ef414c-f57c-0300-973b-f8898ee4d3b1@redhat.com>

On Tue, Apr 17, 2018 at 06:02:47PM -0400, speck for Jon Masters wrote:
> On 04/17/2018 06:01 PM, speck for Thomas Gleixner wrote:
> > On Tue, 17 Apr 2018, speck for Jiri Kosina wrote:
> > 
> >> On Tue, 17 Apr 2018, speck for Jon Masters wrote:
> >>
> >>> The proposal would be that it only allows you to go one-way. You can say
> >>> "I am vulnerable", turn off MD, but you can't say "I am not vulnerable".
> >>
> >> That means we probably never reach full coverage; the problem with this 
> >> "opt-in" aproach is that noone would ever bother (even more so as time 
> >> passess) to add this explicit "I am vulnerable" call into the source; it's 
> >> basically out of control, and thus unmaintainable.
> > 
> > We had the same discussion with the per process kpti control ...
> 
> Ok. Big hammer it is.

1) Are you thinking of a mix of a) big hammer (at boot up always disable
memory disambiguation, aka mdd=auto or sbb=auto or sbbd=auto), along with b)
inverting the prctl to opt-out - that is applications that feel they are safe
can opt-out and do an prctl saying: memory disambiguation security issues
be dammed - I want memory disambiguation on to get that 5% performance
back. Obviously they would need to be new to know about this bit.

And then any old application would suffer the performance penalty but
would be secure.

?

2). SBB vs MDD vs SBBD.

MDD = Memory Disambiguation Disable
SBB = Speculative Store Bypass
SBBD = Speculative Store Bypass Disable

Thomas likes 'MDD', Jon likes 'SBB', but he is also fine with 'SBBD'.

3). Semantics of SBBD or MDD boot time knob. I followed the way spectre_v2 did it.

That is this is knob is to disable something and they are:
'auto' - follow what the platform recommends. This being linux upstream
         discussion means following:
		on AMD - enable memory disambiguation.
		on Intel - no clue. For testing purposes I've left it
                           as disable memory disambiguation.

'off' - ignore what the vendor/distro recommends.
'force' - disable it, even if the platform says enable it (like on AMD).

And then two more to figure out when to apply the security glue:
'boot' or 'userspace'.

This ties in to 1) - that is if we are not going to provide a 'userspace'
option then there is no need to even provide the 'boot' option
so then this sub-discussion becomes moot.

Thomas (and Linus if you are skulking in the background) - you are the
top-dog(s) here, can you give the guidance please so I can redo the
patches on Thursday/Friday?

P.S.
I know the AMD secret sauce bits and can do the patches for this, but
are other folks authorized for this?

next prev parent reply	other threads:[~2018-04-18  2:48 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-17 18:26 [MODERATED] GPZv4 Jon Masters
2018-04-17 19:31 ` [MODERATED] GPZv4 Borislav Petkov
2018-04-17 19:56   ` Jon Masters
2018-04-17 20:37     ` Borislav Petkov
2018-04-17 21:03       ` Jon Masters
2018-04-17 21:20         ` Borislav Petkov
2018-04-17 21:22         ` GPZv4 Thomas Gleixner
2018-04-17 21:25           ` [MODERATED] GPZv4 Jiri Kosina
2018-04-17 21:38             ` Jon Masters
2018-04-17 21:43               ` Jiri Kosina
2018-04-17 22:01                 ` GPZv4 Thomas Gleixner
2018-04-17 22:02                   ` [MODERATED] GPZv4 Jon Masters
2018-04-18  2:48                     ` Konrad Rzeszutek Wilk [this message]
2018-04-18  3:44                       ` Jon Masters
2018-04-18  4:09                         ` Jon Masters
2018-04-18  4:18                           ` Jon Masters
2018-04-18  4:56                         ` Jon Masters
2018-04-18  7:06                         ` Jon Masters
2018-04-18  8:54                       ` GPZv4 Thomas Gleixner
2018-04-18 13:22                         ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:04                           ` GPZv4 Thomas Gleixner
2018-04-18 14:07                             ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:52                               ` Konrad Rzeszutek Wilk
2018-04-18 15:02                                 ` Jon Masters
2018-04-18 21:12                                   ` Konrad Rzeszutek Wilk
2018-04-18 21:20                                     ` Jon Masters
2018-04-17 21:36           ` Jon Masters

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180418024816.GA6450@localhost.localdomain \
    --to=konrad.wilk@oracle.com \
    --cc=speck@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.