From: "Russell King (Oracle)" <linux@armlinux.org.uk>
To: xieyuanbin1 <xieyuanbin1@huawei.com>
Cc: liaohua4@huawei.com, lincheng8@huawei.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, nixiaoming@huawei.com,
sfr@canb.auug.org.au, wangbing6@huawei.com,
wangfangpeng1@huawei.com, will@kernel.org
Subject: Re: [PATCH] ARM: spectre-v2: fix unstable cpu get
Date: Thu, 24 Apr 2025 14:50:30 +0100 [thread overview]
Message-ID: <aApBpnDcq2KNkfAs@shell.armlinux.org.uk> (raw)
In-Reply-To: <20250424133133.40122-1-xieyuanbin1@huawei.com>
On Thu, Apr 24, 2025 at 09:31:33PM +0800, xieyuanbin1 wrote:
> I've actually thought about a similar problem. In areas other than put_cpu/get_cpu, tasks may be scheduled to other CPUs, this cpu actually does not execute the spectre code.
My point is that if harden_branch_predictor() has been called from a
context where we are preemptible, then we _could_ end up running on a
different CPU to the one that we need to take action.
Consider your test program running on CPU 1 which requires fixup. It
takes a fault, and before we enter harden_branch_predictor(), we end
up being migrated to CPU 0, but doesn't require a switch of the MM.
Let's say we then disable preemption and then call
harden_branch_predictor(), and then restore the preemption state.
The thread then gets migrated back to CPU 1. Again, no switch of
the MM.
At this point, the mitigation has been completely bypassed.
IMHO, better to be noisy about this event (and it is only a kernel
warning) than to be silent about it and let userspace get away with
bypassing the mitigation.
I don't care if this disrupts test tooling. The trade off between
test tooling having a problem and a silent data leak through this
channel... the answer is pretty obvious that the test tooling
failing is less important than having a silent data leak.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
next prev parent reply other threads:[~2025-04-24 13:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-24 10:04 [PATCH] ARM: spectre-v2: fix unstable cpu get xieyuanbin1
2025-04-24 10:21 ` Russell King (Oracle)
2025-04-24 13:31 ` xieyuanbin1
2025-04-24 13:50 ` Russell King (Oracle) [this message]
2025-04-24 14:03 ` xieyuanbin1
2025-05-07 12:28 ` [RFC PATCH] ARM: spectre-v2: fix the spectre operation that may be bypassed Xie Yuanbin
2025-06-06 1:43 ` [RFC RESEND " Xie Yuanbin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aApBpnDcq2KNkfAs@shell.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=liaohua4@huawei.com \
--cc=lincheng8@huawei.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nixiaoming@huawei.com \
--cc=sfr@canb.auug.org.au \
--cc=wangbing6@huawei.com \
--cc=wangfangpeng1@huawei.com \
--cc=will@kernel.org \
--cc=xieyuanbin1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).