Date: Sun, 7 Jan 2018 14:01:38 +0000
From: Alan Cox
To: Kiernan Hager
Cc: linux-kernel@vger.kernel.org
Subject: Re: Avoid speculative indirect calls in kernel
Message-ID: <20180107140138.08a7e8e3@alans-desktop>
Organization: Intel Corporation

> I disagree. When there are patches that slow execution down up to 30%,
> I want to be able to mark a binary as "trusted" so that I can run it

It's not a binary that is trusted - it's a binary in a given use case.
You could easily have the same binary being run in two situations on the
same box at the same time and run just one of them 'trusted'.