Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Nov 2020 13:27:34 +1100
From: Daniel Axtens <dja@...ens.net>
To: oss-security@...ts.openwall.com
Cc: cmr@...ormatik.wtf, ruscur@...sell.cc, npiggin@...il.com, mpe@...erman.id.au, spoorts2@...ibm.com
Subject: Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9

Hi,

> This issue can be mitigated by flushing the L1 cache between privilege
> boundaries of concern.

There's been interest in the performance impact of doing this sort of
flush. The impact depends on the workload, on how often the kernel is
entered and for what, and on the particular flush mechanism supported by
the machine.

To take an unscientific example, I tested compiling a kernel. I dropped
caches, did 1 build to warm the cache, and then 5 timed builds. The
machine uses the mttrig flush.

Wall clock time:
neither flush: avg 98.796s (min 98.329s - max 99.229s) -- 100%
entry flush:   avg 99.061s (min 98.935s - max 99.188s) -- 100.27%
both flushes:  avg 99.158s (min 98.303s - max 99.683s) -- 100.37%

As you can see, the performance impact for this test was less than 0.4%
on this machine.

I want to be clear that this isn't an official claim of performance
under any particular configuration or workload. Your results may vary.

As always, systems running in trusted environments can be booted with
mitigations=off or the firmware 'risk level' adjusted to disable a range
of speculative execution mitigations, including these.

Kind regards,
Daniel

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.