Re: [patch] Performance Counters for Linux, v4

From: Pavel Machek
Date: Tue Dec 16 2008 - 15:04:52 EST

Next message: Ingo Molnar: "Re: [PATCH] xen: whitespace/checkpatch cleanup"
Previous message: Jan Engelhardt: "Re: [PATCH] net: Remove a noisy printk"
In reply to: Arjan van de Ven: "Re: [patch] Performance Counters for Linux, v4"
Next in thread: Peter Zijlstra: "Re: [patch] Performance Counters for Linux, v4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue 2008-12-16 14:13:30, Arjan van de Ven wrote:
> On Tue, 16 Dec 2008 14:03:02 +0100
> Ingo Molnar <mingo@xxxxxxx> wrote:
>
> > > > - plus you have to forbid SMT CPUs as well. On HT a task could
> > > > co-schedule with your setuid task and observe its timing
> > > > characteristics via its _own_ behavior. (which is impacted by
> > > > whatever is running on another SMT/HT thread.)
> > >
> > > Yes, SMT is evil.
> >
> > HT got added back to Nehalem, so SMT is coming to you in every future
> > x86 CPU. It brings a serious performance win, so nobody will turn
> > off

Fortunately, Intel is not the only x86 vendor :-).

> > SMT threading in practice. If SMT worries you, it needs explicit
> > partitioning of security-relevant processing to different physical
> > CPUs, via cgroups/cpusets/etc.

I guess we should refuse to run threads from different uids on one
physical core...

> and/or you use properly implemented crypto code (see Bruce Schneider's
> books). The timing "problem" isn't really SMT specific. If you have
> improperly implemented crypto (eg crypto code where the code paths and
> not just the data payload are key dependent) then on any system with
> more than one (logical) processor there is interference that an
> attacker can use.
>
> The only possible answer is to use proper implementation; turning off HT
> may make you feel good but you go from shoddy crypto for which there is
> some internet papers on how to crack it, to shoddy crypto for which the
> same papers apply ;)

It is not only timing. If attacker has access to detailed cache miss
statistics, things are easier for him... I probably should review the
books, but even if code paths are key-independend (hard), you'll get
timing differences due to [data] cache misses...?

Ok, this is getting off-topic.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [PATCH] xen: whitespace/checkpatch cleanup"
Previous message: Jan Engelhardt: "Re: [PATCH] net: Remove a noisy printk"
In reply to: Arjan van de Ven: "Re: [patch] Performance Counters for Linux, v4"
Next in thread: Peter Zijlstra: "Re: [patch] Performance Counters for Linux, v4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]