From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v3 00/32] MDSv3 12
Date: Wed, 9 Jan 2019 12:18:04 -0500
Message-ID: <20190109171804.GV23427@char.us.oracle.com>
In-Reply-To: <cover.1545351936.git.ak@linux.intel.com>

On Thu, Dec 20, 2018 at 04:27:10PM -0800, speck for Andi Kleen wrote:
> From: Andi Kleen <ak@linux.intel.com>
> Subject: MDSv3
>
> Here's a new version of flushing CPU buffers for group 4.

Could you send also a git bundle of them please? The titles of them are not in sync with the XX/YY.
I can probably figure out the right flow but it would help (also helps in review).
Thank you!

And one more thing - I see 'MB' and 'MDS' and also 'MSB' (Microarchitectural
Store Buffer).

> VERW is not done unconditionally because it doesn't allow reporting
> the correct status in the vulnerabilities file, which I consider important.
> Instead we now have a mds=verw option that can be set as needed,

mds=force
Is how it was handled for SSBD and L1TF I believe? Could that be used?

> but is reported explicitly in the mitigation status.
>
> Some notes:
> - Against 4.20-rc5
> - There's a new (bogus) build time warning from objtool about unreachable code.
>
> Changes against previous versions:
> - By default now flushes only when needed
> - Define security model
> - New administrator document
> - Added mds=verw and mds=full
> - Renamed mds_disable to mds=off
> - KVM virtualization much improved
> - Too many others to list. Most things different now.
>
> Andi Kleen (32):
> x86/speculation/mds: Add basic bug infrastructure for MDS
> x86/speculation/mds: Support clearing CPU data on kernel exit
> x86/speculation/mds: Support mds=full
> x86/speculation/mds: Clear CPU buffers on entering idle
> x86/speculation/mds: Add sysfs reporting
> x86/speculation/mds: Add software sequences for older CPUs.
> x86/speculation/mds: Support mds=full for NMIs
> x86/speculation/mds: Avoid NMI races with software sequences
> x86/speculation/mds: Call software sequences on KVM entry
> x86/speculation/mds: Clear buffers on NMI exit on 32bit kernels.
> x86/speculation/mds: Add mds=verw
> x86/speculation/mds: Export MB_CLEAR CPUID to KVM guests.
> x86/speculation/mds: Always clear when entering guest without MB_CLEAR
> mds: Add documentation for clear cpu usage
> mds: Add preliminary administrator documentation
> x86/speculation/mds: Introduce lazy_clear_cpu
> x86/speculation/mds: Schedule cpu clear on context switch
> x86/speculation/mds: Add tracing for clear_cpu
> mds: Force clear cpu on kernel preemption
> mds: Schedule cpu clear for memzero_explicit and kzfree
> mds: Mark interrupts clear cpu, unless opted-out
> mds: Clear cpu on all timers, unless the timer opts-out
> mds: Clear CPU on tasklets, unless opted-out
> mds: Clear CPU on irq poll, unless opted-out
> mds: Clear cpu for string io/memcpy_*io in interrupts
> mds: Schedule clear cpu in swiotlb
> mds: Instrument skb functions to clear cpu automatically
> mds: Opt out tcp tasklet to not touch user data
> mds: mark kernel/* timers safe as not touching user data
> mds: Mark AHCI interrupt as not needing cpu clear
> mds: Mark ACPI interrupt as not needing cpu clear
> mds: Mitigate BPF
>
> .../ABI/testing/sysfs-devices-system-cpu | 1 +
> .../admin-guide/kernel-parameters.txt | 29 +++
> Documentation/admin-guide/mds.rst | 128 +++++++++++++
> Documentation/clearcpu.txt | 179 ++++++++++++++++++
> arch/Kconfig | 3 +
> arch/x86/Kconfig | 1 +
> arch/x86/entry/common.c | 24 ++-
> arch/x86/entry/entry_32.S | 7 +
> arch/x86/entry/entry_64.S | 24 +++
> arch/x86/include/asm/clearbpf.h | 29 +++
> arch/x86/include/asm/clearcpu.h | 100 ++++++++++
> arch/x86/include/asm/cpufeatures.h | 4 +
> arch/x86/include/asm/io.h | 3 +
> arch/x86/include/asm/msr-index.h | 1 +
> arch/x86/include/asm/thread_info.h | 2 +
> arch/x86/include/asm/trace/clearcpu.h | 27 +++
> arch/x86/kernel/acpi/cstate.c | 2 +
> arch/x86/kernel/cpu/bugs.c | 108 +++++++++++
> arch/x86/kernel/cpu/common.c | 14 ++
> arch/x86/kernel/kvm.c | 3 +
> arch/x86/kernel/process.c | 5 +
> arch/x86/kernel/process.h | 27 +++
> arch/x86/kernel/smpboot.c | 3 +
> arch/x86/kvm/cpuid.c | 3 +-
> arch/x86/kvm/vmx.c | 23 ++-
> arch/x86/lib/Makefile | 1 +
> arch/x86/lib/clear_cpu.S | 104 ++++++++++
> drivers/acpi/acpi_pad.c | 2 +
> drivers/acpi/osl.c | 3 +-
> drivers/acpi/processor_idle.c | 3 +
> drivers/ata/ahci.c | 2 +-
> drivers/ata/ahci.h | 2 +
> drivers/ata/libahci.c | 40 ++--
> drivers/base/cpu.c | 8 +
> drivers/idle/intel_idle.c | 5 +
> include/asm-generic/io.h | 3 +
> include/linux/clearcpu.h | 36 ++++
> include/linux/filter.h | 21 +-
> include/linux/hrtimer.h | 4 +
> include/linux/interrupt.h | 18 +-
> include/linux/irq_poll.h | 2 +
> include/linux/skbuff.h | 2 +
> include/linux/timer.h | 9 +-
> kernel/bpf/core.c | 2 +
> kernel/dma/swiotlb.c | 2 +
> kernel/events/core.c | 6 +-
> kernel/fork.c | 3 +-
> kernel/futex.c | 6 +-
> kernel/irq/handle.c | 8 +
> kernel/irq/manage.c | 1 +
> kernel/sched/core.c | 14 +-
> kernel/sched/deadline.c | 6 +-
> kernel/sched/fair.c | 7 +-
> kernel/sched/idle.c | 3 +-
> kernel/sched/rt.c | 3 +-
> kernel/softirq.c | 25 ++-
> kernel/time/alarmtimer.c | 2 +-
> kernel/time/hrtimer.c | 11 +-
> kernel/time/posix-timers.c | 6 +-
> kernel/time/sched_clock.c | 3 +-
> kernel/time/tick-sched.c | 6 +-
> kernel/time/timer.c | 8 +
> kernel/watchdog.c | 3 +-
> lib/irq_poll.c | 18 +-
> lib/string.c | 6 +
> mm/slab_common.c | 5 +-
> net/core/skbuff.c | 26 +++
> net/ipv4/tcp_output.c | 5 +-
> 68 files changed, 1138 insertions(+), 62 deletions(-)
> create mode 100644 Documentation/admin-guide/mds.rst
> create mode 100644 Documentation/clearcpu.txt
> create mode 100644 arch/x86/include/asm/clearbpf.h
> create mode 100644 arch/x86/include/asm/clearcpu.h
> create mode 100644 arch/x86/include/asm/trace/clearcpu.h
> create mode 100644 arch/x86/lib/clear_cpu.S
> create mode 100644 include/linux/clearcpu.h
>
> --
> 2.17.2