From owner-freebsd-hackers@freebsd.org  Sat Jan  6 20:42:04 2018
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2A27DEE59D;
 Sat,  6 Jan 2018 20:42:04 +0000 (UTC)
 (envelope-from wojtek@puchar.net)
Received: from puchar.net (puchar.net [194.1.144.90])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "puchar.net", Issuer "puchar.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 51D0D7E98C;
 Sat,  6 Jan 2018 20:42:03 +0000 (UTC)
 (envelope-from wojtek@puchar.net)
Received: Received: from 127.0.0.1 (localhost [127.0.0.1])
 by puchar.net (8.15.2/8.15.2) with ESMTPS id w06KfwvF072158
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Sat, 6 Jan 2018 21:41:58 +0100 (CET)
 (envelope-from puchar-wojtek@puchar.net)
Received: from localhost (puchar-wojtek@localhost)
 by puchar.net (8.15.2/8.15.2/Submit) with ESMTP id w06KfqJX072155;
 Sat, 6 Jan 2018 21:41:52 +0100 (CET)
 (envelope-from puchar-wojtek@puchar.net)
Date: Sat, 6 Jan 2018 21:41:52 +0100 (CET)
From: Wojciech Puchar <wojtek@puchar.net>
To: Warner Losh <imp@bsdimp.com>
cc: Wojciech Puchar <wojtek@puchar.net>, Eric McCorkle <eric@metricspace.net>, 
 "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>,
 "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: Fwd: A more general possible meltdown/spectre countermeasure
In-Reply-To: <CANCZdfqsV1bUAmwVGHZZfBK2FQ_Y03WvHQuUtBOABHo6mbbYAA@mail.gmail.com>
Message-ID: <alpine.BSF.2.20.1801062140090.71856@puchar.net>
References: <c98b7ac3-26f0-81ee-2769-432697f876e5@metricspace.net>
 <33bcd281-4018-7075-1775-4dfcd58e5a48@metricspace.net>
 <alpine.BSF.2.20.1801061701200.40627@puchar.net>
 <73d2f1a5-55f7-0ae7-7660-3e680ba3d32e@metricspace.net>
 <CANCZdfqZnZhKXD3SKgyro+YLX7j5BYrmCZ7xEGwYY6AWkQpKzg@mail.gmail.com>
 <alpine.BSF.2.20.1801061752540.46832@puchar.net>
 <CANCZdfqsV1bUAmwVGHZZfBK2FQ_Y03WvHQuUtBOABHo6mbbYAA@mail.gmail.com>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jan 2018 20:42:04 -0000

> The only workaround that's completely effective is to unmap all of kernel memory when running in userland. It's a bit tricky because

this means on every syscall on interrupt:

- memcopy part of top level PTE on enter, bzero on exit
- TLB flush both on enter and exit.

IMHO it would make much more than 30% overhead in many cases. am i wrong?

> there's small parts that have to stay mapped for various architectural reasons. This means KASLR on these CPUs likely can never be
> effective since meltdown will let you find what the trap address is and from that find the kernel (though there's some rumblings
> that the indirection Linux is doing will suffice).
> 
> Warner
> 
>