From: ebiederm@xmission.com (Eric W. Biederman)
To: Ingo Molnar <mingo@kernel.org>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>,
kernel-hardening@lists.openwall.com,
Frederic Weisbecker <fweisbec@gmail.com>,
Dan Rosenberg <drosenberg@vsecurity.com>,
virtualization@lists.linux-foundation.org,
"H. Peter Anvin" <hpa@zytor.com>, Alex Shi <alex.shi@intel.com>,
x86@kernel.org, Ingo Molnar <mingo@redhat.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Alexander Duyck <alexander.h.duyck@intel.com>,
Kees Cook <keescook@chromium.org>, Julien Tinnes <jln@google.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Borislav Petkov <borislav.petkov@amd.com>,
Steven Rostedt <rostedt@goodmis.org>,
xen-devel@lists.xensource.com,
Thomas Gleixner <tglx@linutronix.de>,
Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86: make IDT read-only
Date: Wed, 10 Apr 2013 03:40:33 -0700 [thread overview]
Message-ID: <87sj2yzn1a.fsf@xmission.com> (raw)
In-Reply-To: <20130410095716.GF24443@gmail.com> (Ingo Molnar's message of "Wed, 10 Apr 2013 11:57:16 +0200")
Ingo Molnar <mingo@kernel.org> writes:
> * Eric W. Biederman <ebiederm@xmission.com> wrote:
>
>> "H. Peter Anvin" <hpa@zytor.com> writes:
>>
>> > On 04/08/2013 03:43 PM, Kees Cook wrote:
>> >> This makes the IDT unconditionally read-only. This primarily removes
>> >> the IDT from being a target for arbitrary memory write attacks. It has
>> >> an added benefit of also not leaking (via the "sidt" instruction) the
>> >> kernel base offset, if it has been relocated.
>> >>
>> >> Signed-off-by: Kees Cook <keescook@chromium.org>
>> >> Cc: Eric Northup <digitaleric@google.com>
>> >
>> > Also, tglx: does this interfere with your per-cpu IDT efforts?
>>
>> Given that we don't change any IDT entries why would anyone want a
>> per-cpu IDT? The cache lines should easily be shared accross all
>> processors.
>
> That's true iif they are cached.
>
> If not then it's a remote DRAM access cache miss for all CPUs except the node that
> holds that memory.
>
>> Or are there some giant NUMA machines that trigger cache misses when accessing
>> the IDT and the penalty for pulling the cache line across the NUMA fabric is
>> prohibitive?
>
> IDT accesses for pure userspace execution are pretty rare. So we are not just
> talking about huge NUMA machines here but about ordinary NUMA machines taking a
> remote cache miss hit for the first IRQ or other IDT-accessing operation they do
> after some cache-intense user-space processing.
>
> It's a small effect, but it exists and improving it would be
> legitimate.
If the effect is measurable I agree it is a legitimate optimization. At
one point there was a suggestion to make the code in the IDT vectors
differ based on the which interrupt was registed. While that can also
reduce cache misses that can get hairy very quickly, and of course that
would require read-write IDTs.
My only practical concern with duplicating the IDT tables per cpu is (a)
there are generic idt handlers that remain unduplicated reducing the
benefit and this is essentially the same optimization as making the
entire kernel text per cpu which last time it was examined was not an
optimization worth making. So I wonder if just a subset of the
optimization is worth making.
Eric
next prev parent reply other threads:[~2013-04-10 10:40 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-08 22:43 [PATCH] x86: make IDT read-only Kees Cook
2013-04-08 22:47 ` H. Peter Anvin
2013-04-08 22:55 ` Kees Cook
2013-04-08 22:48 ` H. Peter Anvin
2013-04-09 9:23 ` Thomas Gleixner
2013-04-09 9:45 ` Eric W. Biederman
2013-04-10 9:57 ` Ingo Molnar
2013-04-10 10:40 ` Eric W. Biederman [this message]
2013-04-10 16:31 ` Eric Northup
2013-04-10 16:48 ` H. Peter Anvin
[not found] ` <alpine.LFD.2.02.1304091122490.21884@ionos>
2013-04-09 18:22 ` [kernel-hardening] " Kees Cook
2013-04-09 18:26 ` H. Peter Anvin
2013-04-09 18:31 ` Kees Cook
2013-04-09 18:39 ` H. Peter Anvin
2013-04-09 18:46 ` Kees Cook
2013-04-09 18:50 ` H. Peter Anvin
2013-04-09 18:53 ` Kees Cook
2013-04-09 18:54 ` Eric Northup
2013-04-09 18:59 ` H. Peter Anvin
2013-04-10 0:43 ` Readonly GDT H. Peter Anvin
2013-04-10 0:53 ` Steven Rostedt
2013-04-10 0:58 ` H. Peter Anvin
2013-04-10 9:42 ` [Xen-devel] " Jan Beulich
2013-04-10 14:16 ` H. Peter Anvin
2013-04-10 18:28 ` H. Peter Anvin
2013-04-10 9:41 ` [kernel-hardening] Re: [PATCH] x86: make IDT read-only Ingo Molnar
2013-04-10 0:03 ` H. Peter Anvin
2013-04-10 9:52 ` Ingo Molnar
2013-04-08 22:56 ` Maciej W. Rozycki
[not found] ` <alpine.LFD.2.03.1304082350540.25182@linux-mips.org>
2013-04-08 23:00 ` Kees Cook
2013-04-08 23:05 ` Kees Cook
2013-04-08 23:42 ` Maciej W. Rozycki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sj2yzn1a.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=alex.shi@intel.com \
--cc=alexander.h.duyck@intel.com \
--cc=borislav.petkov@amd.com \
--cc=drosenberg@vsecurity.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jeremy@goop.org \
--cc=jln@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=wad@chromium.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).