From: Kees Cook <keescook@chromium.org>
To: Balbir Singh <sblbir@amazon.com>
Cc: tglx@linutronix.de, linux-kernel@vger.kernel.org,
jpoimboe@redhat.com, tony.luck@intel.com,
benh@kernel.crashing.org, x86@kernel.org, dave.hansen@intel.com
Subject: Re: [PATCH v4 6/6] Documentation: Add L1D flushing Documentation
Date: Thu, 23 Apr 2020 12:20:21 -0700 [thread overview]
Message-ID: <202004231220.89FC5FCE@keescook> (raw)
In-Reply-To: <20200423140125.7332-7-sblbir@amazon.com>
On Fri, Apr 24, 2020 at 12:01:25AM +1000, Balbir Singh wrote:
> Add documentation of l1d flushing, explain the need for the
> feature and how it can be used.
>
> Signed-off-by: Balbir Singh <sblbir@amazon.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> Documentation/admin-guide/hw-vuln/index.rst | 1 +
> .../admin-guide/hw-vuln/l1d_flush.rst | 40 +++++++++++++++++++
> 2 files changed, 41 insertions(+)
> create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst
>
> diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst
> index 0795e3c2643f..35633b299d45 100644
> --- a/Documentation/admin-guide/hw-vuln/index.rst
> +++ b/Documentation/admin-guide/hw-vuln/index.rst
> @@ -14,3 +14,4 @@ are configurable at compile, boot or run time.
> mds
> tsx_async_abort
> multihit.rst
> + l1d_flush
> diff --git a/Documentation/admin-guide/hw-vuln/l1d_flush.rst b/Documentation/admin-guide/hw-vuln/l1d_flush.rst
> new file mode 100644
> index 000000000000..7d515b8c29f1
> --- /dev/null
> +++ b/Documentation/admin-guide/hw-vuln/l1d_flush.rst
> @@ -0,0 +1,40 @@
> +L1D Flushing for the paranoid
> +=============================
> +
> +With an increasing number of vulnerabilities being reported around data
> +leaks from L1D, a new user space mechanism to flush the L1D cache on
> +context switch is added to the kernel. This should help address
> +CVE-2020-0550 and for paranoid applications, keep them safe from any
> +yet to be discovered vulnerabilities, related to leaks from the L1D
> +cache.
> +
> +Tasks can opt in to this mechanism by using a prctl (implemented only
> +for x86 at the moment).
> +
> +Related CVES
> +------------
> +At the present moment, the following CVEs can be addressed by this
> +mechanism
> +
> + ============= ======================== ==================
> + CVE-2020-0550 Improper Data Forwarding OS related aspects
> + ============= ======================== ==================
> +
> +Usage Guidelines
> +----------------
> +Applications can call ``prctl(2)`` with one of these two arguments
> +
> +1. PR_SET_L1D_FLUSH - flush the L1D cache on context switch (out)
> +2. PR_GET_L1D_FLUSH - get the current state of the L1D cache flush, returns 1
> + if set and 0 if not set.
> +
> +**NOTE**: The feature is disabled by default, applications to need to specifically
> +opt into the feature to enable it.
> +
> +Mitigation
> +----------
> +When PR_SET_L1D_FLUSH is enabled for a task, on switching tasks (when
> +the address space changes), a flush of the L1D cache is performed for
> +the task when it leaves the CPU. If the underlying CPU supports L1D
> +flushing in hardware, the hardware mechanism is used, otherwise a software
> +fallback, similar to the mechanism used by L1TF is used.
> --
> 2.17.1
>
--
Kees Cook
prev parent reply other threads:[~2020-04-23 19:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-23 14:01 [PATCH v4 0/6] Optionally flush L1D on context switch Balbir Singh
2020-04-23 14:01 ` [PATCH v4 1/6] arch/x86/kvm: Refactor l1d flush lifecycle management Balbir Singh
2020-04-24 18:59 ` Tom Lendacky
2020-04-25 1:49 ` Singh, Balbir
2020-05-01 3:48 ` Singh, Balbir
2020-05-01 14:16 ` Tom Lendacky
2020-04-23 14:01 ` [PATCH v4 2/6] arch/x86/kvm: Refactor tlbflush and l1d flush Balbir Singh
2020-04-24 19:04 ` Tom Lendacky
2020-04-25 2:00 ` Singh, Balbir
2020-04-23 14:01 ` [PATCH v4 3/6] arch/x86/mm: Refactor cond_ibpb() to support other use cases Balbir Singh
2020-04-23 14:01 ` [PATCH v4 4/6] arch/x86/kvm: Refactor L1D flushing Balbir Singh
2020-04-23 14:01 ` [PATCH v4 5/6] Optionally flush L1D on context switch Balbir Singh
2020-04-23 19:19 ` Kees Cook
2020-04-24 9:56 ` Singh, Balbir
2020-04-23 14:01 ` [PATCH v4 6/6] Documentation: Add L1D flushing Documentation Balbir Singh
2020-04-23 19:20 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202004231220.89FC5FCE@keescook \
--to=keescook@chromium.org \
--cc=benh@kernel.crashing.org \
--cc=dave.hansen@intel.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sblbir@amazon.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox