From: Andrew Cooper <andrew.cooper3@citrix.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v3 2/6] PERFv3
Date: Fri, 8 Feb 2019 09:31:05 +0000 [thread overview]
Message-ID: <4077265a-9ea0-f82e-ac3d-d817a41c25ff@citrix.com> (raw)
In-Reply-To: <20190208090147.GK32477@hirez.programming.kicks-ass.net>
[-- Attachment #1: Type: text/plain, Size: 2311 bytes --]
On 08/02/2019 09:01, speck for Peter Zijlstra wrote:
> On Fri, Feb 08, 2019 at 12:51:01AM +0000, speck for Andrew Cooper wrote:
>> On 07/02/2019 23:41, speck for Andi Kleen wrote:
>>> This patch assumes that the kernel is using
>>> RETPOLINE (or IBRS), otherwise speculative execution could
>>> still corrupt counter 3 in very unlikely cases.
>> What has the kernel configuration got to do with it?
>>
>> It is my understanding that any execution of an XBEGIN instruction, even
>> speculatively, even in userspace will result in PCR3 getting modified.
>>
>> A CPU either has force abort mode active, or PCR3 can be changed behind
>> the kernel's back.
> We are executing kernel code; therefore any user RTM will have aborted
> and is irrelevant.
>
> So what the kernel does is:
>
> /*
> * And as noted; userspace transactions will be aborted by
> * having entered the kernel. The kernel does not use RTM
> * itself.
> */
>
>
> /*
> * stops all counters; irrespective of ucode using PMC3 or not
> */
> GLOBAL_CTRL = 0;
>
> /*
> * program PMC3
> */
> CTRVAL3 = x;
> EVTSEL3 = y;
>
> /*
> * Set the TFA bit to make ucode not touch PMC3; since there has
> * not been an RTM instruction between GLOBAL_CTRL=0 and here,
> * PMC3 will still be {x,y} as we just wrote.
> *
> * This is what requires RETPOLINE/IBRS; because otherwise
> * speculation could see a partial kernel instruction that looks
> * like RTM, which would mess things up.
> */
> WRMSR(MSR_TFA, 1);
Ok, so this is a narrow window during PMC reprogramming.
What other code exists between the PMC3 setup and TFA setup? Even with
Retpoline, BCBS can be used by a determined attacker to hijack ret
speculation for a short period of time. Then again, I suppose that is a
security hole in and of itself.
Also, you are blindly trusting that there is no part of your hypervisor
or SMI handler that will execute an XBEGIN instruction, even
speculatively. The hypervisor part is easy if noone exposes TFA to
guests, but you have no control over the SMI handler, or the fact that
if one hits, your rets will start speculating into SRAM region again.
Perhaps the risk here is sufficiently small to be fine in practice, but
it is isn't zero.
~Andrew
next prev parent reply other threads:[~2019-02-08 9:31 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-07 23:41 [MODERATED] [PATCH v3 0/6] PERFv3 Andi Kleen
2019-02-07 23:41 ` [MODERATED] [PATCH v3 1/6] PERFv3 Andi Kleen
2019-02-08 8:45 ` [MODERATED] " Peter Zijlstra
2019-02-07 23:41 ` [MODERATED] [PATCH v3 2/6] PERFv3 Andi Kleen
2019-02-08 0:51 ` [MODERATED] Re: [SUSPECTED SPAM][PATCH " Andrew Cooper
2019-02-08 9:01 ` Peter Zijlstra
2019-02-08 9:31 ` Andrew Cooper [this message]
2019-02-08 9:39 ` Peter Zijlstra
2019-02-08 10:53 ` [MODERATED] [RFC][PATCH] performance walnuts Peter Zijlstra
2019-02-08 18:07 ` [MODERATED] " Andi Kleen
2019-02-11 10:40 ` Peter Zijlstra
2019-02-11 14:06 ` Thomas Gleixner
2019-02-11 20:17 ` [MODERATED] " Konrad Rzeszutek Wilk
2019-02-11 23:39 ` Thomas Gleixner
2019-02-09 0:28 ` [MODERATED] " Linus Torvalds
2019-02-09 4:34 ` Andi Kleen
2019-02-09 8:57 ` Peter Zijlstra
2019-02-13 2:56 ` mark gross
2019-02-15 17:32 ` mark gross
2019-02-15 17:44 ` Peter Zijlstra
2019-02-15 20:47 ` mark gross
2019-02-15 21:33 ` Thomas Gleixner
2019-02-19 13:35 ` [MODERATED] [RFC][PATCH v2] " Peter Zijlstra
2019-02-15 23:45 ` [MODERATED] Encrypted Message Jon Masters
2019-02-08 8:50 ` [MODERATED] Re: [PATCH v3 2/6] PERFv3 Peter Zijlstra
2019-02-08 17:26 ` Andi Kleen
2019-02-07 23:41 ` [MODERATED] [PATCH v3 3/6] PERFv3 Andi Kleen
2019-02-08 9:02 ` [MODERATED] " Peter Zijlstra
2019-02-07 23:41 ` [MODERATED] [PATCH v3 4/6] PERFv3 Andi Kleen
2019-02-07 23:41 ` [MODERATED] [PATCH v3 5/6] PERFv3 Andi Kleen
2019-02-08 0:54 ` [MODERATED] " Andrew Cooper
2019-02-07 23:41 ` [MODERATED] [PATCH v3 6/6] PERFv3 Andi Kleen
2019-02-08 9:07 ` [MODERATED] " Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4077265a-9ea0-f82e-ac3d-d817a41c25ff@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.