From: Ingo Molnar <mingo@kernel.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>,
kernel-hardening@lists.openwall.com,
Frederic Weisbecker <fweisbec@gmail.com>,
Dan Rosenberg <drosenberg@vsecurity.com>,
virtualization@lists.linux-foundation.org,
"H. Peter Anvin" <hpa@zytor.com>, Alex Shi <alex.shi@intel.com>,
x86@kernel.org, Ingo Molnar <mingo@redhat.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Alexander Duyck <alexander.h.duyck@intel.com>,
Kees Cook <keescook@chromium.org>, Julien Tinnes <jln@google.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Borislav Petkov <borislav.petkov@amd.com>,
Steven Rostedt <rostedt@goodmis.org>,
xen-devel@lists.xensource.com,
Thomas Gleixner <tglx@linutronix.de>,
Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86: make IDT read-only
Date: Wed, 10 Apr 2013 11:57:16 +0200 [thread overview]
Message-ID: <20130410095716.GF24443@gmail.com> (raw)
In-Reply-To: <877gkc596d.fsf@xmission.com>
* Eric W. Biederman <ebiederm@xmission.com> wrote:
> "H. Peter Anvin" <hpa@zytor.com> writes:
>
> > On 04/08/2013 03:43 PM, Kees Cook wrote:
> >> This makes the IDT unconditionally read-only. This primarily removes
> >> the IDT from being a target for arbitrary memory write attacks. It has
> >> an added benefit of also not leaking (via the "sidt" instruction) the
> >> kernel base offset, if it has been relocated.
> >>
> >> Signed-off-by: Kees Cook <keescook@chromium.org>
> >> Cc: Eric Northup <digitaleric@google.com>
> >
> > Also, tglx: does this interfere with your per-cpu IDT efforts?
>
> Given that we don't change any IDT entries why would anyone want a
> per-cpu IDT? The cache lines should easily be shared accross all
> processors.
That's true iif they are cached.
If not then it's a remote DRAM access cache miss for all CPUs except the node that
holds that memory.
> Or are there some giant NUMA machines that trigger cache misses when accessing
> the IDT and the penalty for pulling the cache line across the NUMA fabric is
> prohibitive?
IDT accesses for pure userspace execution are pretty rare. So we are not just
talking about huge NUMA machines here but about ordinary NUMA machines taking a
remote cache miss hit for the first IRQ or other IDT-accessing operation they do
after some cache-intense user-space processing.
It's a small effect, but it exists and improving it would be legitimate.
Thanks,
Ingo
next prev parent reply other threads:[~2013-04-10 9:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-08 22:43 [PATCH] x86: make IDT read-only Kees Cook
2013-04-08 22:47 ` H. Peter Anvin
2013-04-08 22:55 ` Kees Cook
2013-04-08 22:48 ` H. Peter Anvin
2013-04-09 9:23 ` Thomas Gleixner
2013-04-09 9:45 ` Eric W. Biederman
2013-04-10 9:57 ` Ingo Molnar [this message]
2013-04-10 10:40 ` Eric W. Biederman
2013-04-10 16:31 ` Eric Northup
2013-04-10 16:48 ` H. Peter Anvin
[not found] ` <alpine.LFD.2.02.1304091122490.21884@ionos>
2013-04-09 18:22 ` [kernel-hardening] " Kees Cook
2013-04-09 18:26 ` H. Peter Anvin
2013-04-09 18:31 ` Kees Cook
2013-04-09 18:39 ` H. Peter Anvin
2013-04-09 18:46 ` Kees Cook
2013-04-09 18:50 ` H. Peter Anvin
2013-04-09 18:53 ` Kees Cook
2013-04-09 18:54 ` Eric Northup
2013-04-09 18:59 ` H. Peter Anvin
2013-04-10 0:43 ` Readonly GDT H. Peter Anvin
2013-04-10 0:53 ` Steven Rostedt
2013-04-10 0:58 ` H. Peter Anvin
2013-04-10 9:42 ` [Xen-devel] " Jan Beulich
2013-04-10 14:16 ` H. Peter Anvin
2013-04-10 18:28 ` H. Peter Anvin
2013-04-10 9:41 ` [kernel-hardening] Re: [PATCH] x86: make IDT read-only Ingo Molnar
2013-04-10 0:03 ` H. Peter Anvin
2013-04-10 9:52 ` Ingo Molnar
2013-04-08 22:56 ` Maciej W. Rozycki
[not found] ` <alpine.LFD.2.03.1304082350540.25182@linux-mips.org>
2013-04-08 23:00 ` Kees Cook
2013-04-08 23:05 ` Kees Cook
2013-04-08 23:42 ` Maciej W. Rozycki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130410095716.GF24443@gmail.com \
--to=mingo@kernel.org \
--cc=alex.shi@intel.com \
--cc=alexander.h.duyck@intel.com \
--cc=borislav.petkov@amd.com \
--cc=drosenberg@vsecurity.com \
--cc=ebiederm@xmission.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jeremy@goop.org \
--cc=jln@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).