From: Pavel Machek <pavel@ucw.cz>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Kees Cook <keescook@chromium.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
kernel list <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]
Date: Fri, 28 Oct 2016 20:30:14 +0200 [thread overview]
Message-ID: <20161028183013.GA13354@amd> (raw)
In-Reply-To: <20161028141840.GI3142@twins.programming.kicks-ass.net>
[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]
On Fri 2016-10-28 16:18:40, Peter Zijlstra wrote:
> On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote:
> >
> > > > * the precise semantics of performance counter events varies drastically
> > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to
> > > > one particular level of cache, and/or may not be implemented on all
> > > > cores.
> > >
> > > If it maps to one particular cache level, we are fine (or maybe will
> > > trigger protection too often). If some cores are not counted, that's bad.
> >
> > Perhaps, but that depends on a number of implementation details. If "too
> > often" means "all the time", people will turn this off when they could
> > otherwise have been protected (e.g. if we can accurately monitor the
> > last level of cache).
>
> Right, so one of the things mentioned in the paper is x86 NT stores.
> Those are not cached and I'm not at all sure they're accounted in the
> event we use for cache misses.
Would you (or someone) have pointer to good documentation source on
available performance counters?
Rowhammer is normally done using reads (not writes), exploiting fact
that you can modify memory just by reading it. But it may be possible
that writes have similar effect, and that attacker cells can be far
enough from victim cells that it is a problem.
MOVNTDQA could be another problem, but hopefully that happens only on
memory types userland does not have access to.
Hmm, and according to short test, movnt is not counted:
pavel@duo:/data/l/linux/tools$ sudo perf_3.16 stat
--event=cache-misses ./a.out
^C./a.out: Interrupt
Performance counter stats for './a.out':
61,271 cache-misses
11.605840031 seconds time elapsed
long long foo;
void main(void)
{
foo = &foo;
while (1) {
asm volatile(
"mov foo, %edi \n\
movnti %eax, (%edi)");
}
}
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2016-10-28 18:31 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-26 20:54 Getting interrupt every million cache misses Pavel Machek
2016-10-27 8:28 ` Peter Zijlstra
2016-10-27 8:46 ` Pavel Machek
2016-10-27 9:15 ` Peter Zijlstra
2016-10-27 9:11 ` Pavel Machek
2016-10-27 9:33 ` Peter Zijlstra
2016-10-27 20:40 ` Kees Cook
2016-10-27 21:27 ` rowhammer protection [was Re: Getting interrupt every million cache misses] Pavel Machek
2016-10-28 7:07 ` Ingo Molnar
2016-10-28 8:50 ` Pavel Machek
2016-10-28 8:59 ` Ingo Molnar
2016-10-28 11:55 ` Pavel Machek
2016-10-28 9:04 ` Peter Zijlstra
2016-10-28 9:27 ` Vegard Nossum
2016-10-28 9:35 ` Ingo Molnar
2016-10-28 9:47 ` Vegard Nossum
2016-10-28 9:53 ` [kernel-hardening] " Mark Rutland
2016-10-28 11:27 ` Pavel Machek
2016-10-28 9:51 ` [kernel-hardening] " Mark Rutland
2016-10-28 11:21 ` Pavel Machek
2016-10-28 14:05 ` Mark Rutland
2016-10-28 14:18 ` Peter Zijlstra
2016-10-28 18:30 ` Pavel Machek [this message]
2016-10-28 18:48 ` Peter Zijlstra
2016-11-02 18:13 ` Pavel Machek
2016-10-28 17:27 ` Pavel Machek
2016-10-29 13:06 ` Daniel Gruss
2016-10-29 19:42 ` Pavel Machek
2016-10-29 20:05 ` Daniel Gruss
2016-10-29 21:05 ` Pavel Machek
2016-10-29 21:07 ` Daniel Gruss
2016-10-29 21:45 ` Pavel Machek
2016-10-29 21:49 ` Daniel Gruss
2016-10-29 22:01 ` Pavel Machek
2016-10-29 22:02 ` Daniel Gruss
2016-10-31 8:27 ` Pavel Machek
2016-10-31 14:47 ` Mark Rutland
2016-10-31 21:13 ` Pavel Machek
2016-10-31 22:09 ` Mark Rutland
2016-11-01 6:33 ` Ingo Molnar
2016-11-01 7:20 ` Daniel Micay
2016-11-01 7:53 ` Daniel Gruss
2016-11-01 8:10 ` Pavel Machek
2016-11-01 8:13 ` Daniel Gruss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161028183013.GA13354@amd \
--to=pavel@ucw.cz \
--cc=acme@redhat.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).