oss-sec mailing list archives
Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
From: Daniel Axtens <dja () axtens net>
Date: Mon, 23 Nov 2020 13:27:34 +1100
Hi,
This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern.
There's been interest in the performance impact of doing this sort of flush. The impact depends on the workload, on how often the kernel is entered and for what, and on the particular flush mechanism supported by the machine.
To take an unscientific example, I tested compiling a kernel. I dropped caches, did 1 build to warm the cache, and then 5 timed builds. The machine uses the mttrig flush.
Wall clock time:
neither flush: avg 98.796s (min 98.329s - max 99.229s) -- 100%
entry flush:   avg 99.061s (min 98.935s - max 99.188s) -- 100.27%
both flushes:  avg 99.158s (min 98.303s - max 99.683s) -- 100.37%
As you can see, the performance impact for this test was less than 0.4% on this machine.
I want to be clear that this isn't an official claim of performance under any particular configuration or workload. Your results may vary.
As always, systems running in trusted environments can be booted with mitigations=off or the firmware 'risk level' adjusted to disable a range of speculative execution mitigations, including these.
Kind regards,
Daniel