Received: by 10.223.176.46 with SMTP id f43csp1734411wra; Sun, 21 Jan 2018 03:23:51 -0800 (PST) X-Google-Smtp-Source: AH8x225bEpMiG1UCa0NddNTWmhlVJjTqeGrRWCdWJw3/iNXyOCRtXREVW+3ghtJ8ErejhAa4XRIZ X-Received: by 10.99.184.17 with SMTP id p17mr4365812pge.357.1516533831376; Sun, 21 Jan 2018 03:23:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516533831; cv=none; d=google.com; s=arc-20160816; b=LPBIbDGOYTRUvcEK9R9pUNfGFcSuD8gG2aeFLKva5HxDxtpBthNHFYTLAe2QfhsNV2 XDqaRA3Z5QR+11RC2khr7Stuyi3XoRZMKIySM+VeETOPpQcWnWjl23HN6n1sfmrbfo4p KeLu2wpEkpUkugHCuNW2xOEXxaD5mXUJsKQhpzrX1CxolgSASdmhr/NtM5jq7u0f2A5k UzFAfHkPBH5R5VndXqkaukJiPl47woll1RCyDk/ok6KJEpp7f+Pj33IfDDkz3t8MKVI2 coedv/cHap0FGkuAenwromUpcULwINvyeEyePBCzNSQTize5zAf2TMedO9MDoGNtJP6a nMnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=WuxfUlMmHpTRh5pM+BBhnAVBIwFUj4zlM0rBExujP9A=; b=QhvaEzFUI9B3Qsoq3F8deeaN3Oz718acUHGTOID5YPLDfLRaQVn95fOJ9sYwcg6e5m TlL1oq4+PdMzmf3UMIr99nCWpxeedjtYCJBO+VUN/W05HYsruRc+TfnQjOcncUseHIoZ Zv90u3dpE6EBEn7KdcvXfSAlfsjhZd0X56TSLv+Xg4d+a/x5h9wPIeiUXIK7/Jq7CbJH AvXCzpYeIDbgH2aGIpHJHpH3L7rItsGpJsRvwYti+X45o7oxkhVLVAdeva8rOTNxqtIt mQzmZG1yKBb/hnhz2n9Z9IYtYFCo6Lsl5ed0YYLXmRWyji0Im2d/OurZ5wZnJWtrYFPw XU5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j8-v6si2485709plk.87.2018.01.21.03.23.25; Sun, 21 Jan 2018 03:23:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751014AbeAULWy (ORCPT + 99 others); Sun, 21 Jan 2018 06:22:54 -0500 Received: from merlin.infradead.org ([205.233.59.134]:35942 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750822AbeAULWw (ORCPT ); Sun, 21 Jan 2018 06:22:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WuxfUlMmHpTRh5pM+BBhnAVBIwFUj4zlM0rBExujP9A=; b=keSpIyVY355M7Z8pynt+OApk+ G8yPWfGZAZiq1XCaUePiijL04OzpFkXXINbJCi/ICfsC+tZhndWO+bnXvqmuGt4elEZm0YV3tPZaj wtz2nEc9Zz0ic633GnFNyjriVg7AtW2G2fdADYziatCkpFjOnQmiv5L1Bijm+tib3Z7x6upOCd+Y+ uvTVxnsXOpkkjBwehgUlDqOUvuH5KBmcFSLj40O3qyi1mJ9BVirMdGGV0M2Obg/UAOxGzyAt7WbdV 8VedursbXl80+VkgXZIq/1n09idhlzV8x+UqB1cFW+iLMrCYckhsanHetD3/toGGYdlIO7yTf7r/Y TIf1hcI9Q==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.89 #1 (Red Hat Linux)) id 1edDhj-0008Tu-FH; Sun, 21 Jan 2018 11:22:27 +0000 Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id B37E02029F9F9; Sun, 21 Jan 2018 12:22:24 +0100 (CET) Date: Sun, 21 Jan 2018 12:22:24 +0100 From: Peter Zijlstra To: KarimAllah Ahmed Cc: linux-kernel@vger.kernel.org, Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , David Woodhouse , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , kvm@vger.kernel.org, x86@kernel.org Subject: Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process Message-ID: <20180121112224.GH2269@hirez.programming.kicks-ass.net> References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-5-git-send-email-karahmed@amazon.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1516476182-5153-5-git-send-email-karahmed@amazon.de> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 20, 2018 at 08:22:55PM +0100, KarimAllah Ahmed wrote: > From: Tim Chen > > Flush indirect branches when switching into a process that marked > itself non dumpable. This protects high value processes like gpg > better, without having too high performance overhead. So if I understand it right, this is only needed if the 'other' executable itself is susceptible to spectre. If say someone audited gpg for spectre-v1 and build it with retpoline, it would be safe to not issue the IBPB, right? So would it make sense to provide an ELF flag / personality thing such that userspace can indicate its spectre-safe? I realize that this is all future work, because so far auditing for v1 is a lot of pain (we need better tools), but would it be something that makes sense in the longer term?