[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setting constant-time mode CPU flag

  • To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 14 Sep 2022 08:36:02 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=T8zMGW22NDvpi1glwglzXZuSQ6YwiL37WMVMl2GTCPk=; b=UbHjm+8mLu6y6ujQFdPdjN3R5G6YRShBi3zsOSuTHLt17t4AyIZnoJ45PBz02haaW7umRmZrTzxJ5sAm1tcRFJ5o3oIex7JRMUHhqlSgjG0VN56jXHs0oncMiVnCbg7Nxry0p4b+9zcM9X4PRSExEKfB5rXytAnXFDXQIpvUSIq2hU2KJwVeSRRgIhSDGMG1VJzXFP3TNmClfpSQU3zxwqx5BRA0x7xgNSCSh1hvkI5mNSwWOm4vlwfkGsiLJ8wLNgFRt5ChcNYd//gnNHZ2PklbSJvXDzRar/SU4jBPfYBSEUKZLEXsoZCxEGesqlk+CpowrjevrDAPzvzxsi6NrA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SiVXfZTxJ0mLOmrWlEhA9DwainaDbclgwpx3XMs976KLC85JrprKOaD5VA6JIREQnd2BRy1RrRUmDTwFE27Haw6NPfi40Bd2URcn7vuQ3/lf4w01rjO8o8bmSMh1YPmiIopTZ6L0G7XBLCzJpxhNgwEvdztNRmLCLh1AfNF7nxbGG/8vV31KpThGu5TolnGSlVEZfXxjJrcRfdp4zSu/qNoytLbzaG7uYJP1/mwBBJzNXLTevesYnsf2gqY1Tf/sCVKEPpMH2THEoZi7R9kVyl0TCsFbp6lXFzrDpz0xRXkT9wLM7IMHjAog5yZKmF4dPYZMMOrE8AjfoDhoPd5X5g==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Delivery-date: Wed, 14 Sep 2022 06:36:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 13.09.2022 19:22, Demi Marie Obenour wrote:
> On Tue, Sep 13, 2022 at 04:47:24PM +0200, Jan Beulich wrote:
>> On 13.09.2022 16:22, Demi Marie Obenour wrote:
>>> On Tue, Sep 06, 2022 at 10:01:00AM +0000, Andrew Cooper wrote:
>>>> On 06/09/2022 10:52, Jan Beulich wrote:
>>>>> On 02.09.2022 04:05, Demi Marie Obenour wrote:
>>>>>> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
>>>>>> a CPU register to enforce constant-time execution.  Linux plans to set
>>>>>> this bit by default; Xen should do the same.  See
>>>>>> https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details.
>>>>>> I recommend setting the bit unconditionally and ignoring guest attempts
>>>>>> to change it.
>>>>> I don't think we ought to set it by default; I can see reasons why kernels
>>>>> may want to set it by default (providing a way to turn it off). In Xen
>>>>> what I think we need is exposure of the bit to be guest-controllable.
>>>>
>>>> We absolutely should not have it set by default.  It's a substantial
>>>> overhead for something that is only applicable to code which otherwise
>>>> crafted to be constant-time.
>>>
>>> Either Xen needs to set the bit by default, or guests need to both know
>>> the bit needs to be set and be able set it.  Otherwise code that *is*
>>> intended to be constant-time has no way to protect itself.
>>>
>>>> As for why Xen doesn't enumerate/virtualise it, that's because
>>>> virtualising MSR_ARCH_CAPS for guests is still not working yet, so the
>>>> feature can't be enumerated yet even if we did support context switching 
>>>> it.
>>>
>>> Intel and ARM64 guarantee that CPUs that do not enumerate this flag
>>> behave as if it is set unconditionally.
>>
>> I'm not qualified to talk about the Arm side, but may I ask what you've
>> derived this statement from for Intel? The doc page referenced by the
>> link you did provide (still in context above) specifically further links
>> to a page listing instruction with data operand independent timing. All
>> other instructions, as I conclude, have variable timing unless the bit
>> in ARCH_CAPS enumerates DOITM and then the new MSR bit (of the same name)
>> is set.
> 
> My understanding is that only instructions in the constant-time subset
> are ever guaranteed to be constant time.

Hmm, yes, I did overlook respective wording in the doc.

>  On architectures where DOITM
> is not enumerated, this guarantee is unconditional.

I have to admit I'm suspicious of this "guarantee".

>  On architectures
> where DOITM is enumerated, this guarantee only holds when DOITM is set.
> Therefore, it is critical that on CPUs that enumerate DOITM, Xen does
> one of the following:
> 
> - Ensure that all vCPUs enumerate DOITM, and virtualize the DOITM MSR
>   bit for use by guests.
> 
> - Set DOITM by default.
> 
> Since Xen does not support virtualizing MSR_ARCH_CAPS, vCPUs cannot
> enumerate DOITM.  Therefore, the only secure option is to set DOITM by
> default, so that guests do not need to be aware of it.

I can see where you're coming from, but I also agree with Andrew that
the resulting loss of performance is a counter-indication to making
this the (universal) default. What I could see us doing is make this
both Kconfig and command line controllable.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.