Received: by 10.223.176.46 with SMTP id f43csp1734411wra;
        Sun, 21 Jan 2018 03:23:51 -0800 (PST)
X-Google-Smtp-Source: AH8x225bEpMiG1UCa0NddNTWmhlVJjTqeGrRWCdWJw3/iNXyOCRtXREVW+3ghtJ8ErejhAa4XRIZ
X-Received: by 10.99.184.17 with SMTP id p17mr4365812pge.357.1516533831376;
        Sun, 21 Jan 2018 03:23:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516533831; cv=none;
        d=google.com; s=arc-20160816;
        b=LPBIbDGOYTRUvcEK9R9pUNfGFcSuD8gG2aeFLKva5HxDxtpBthNHFYTLAe2QfhsNV2
         XDqaRA3Z5QR+11RC2khr7Stuyi3XoRZMKIySM+VeETOPpQcWnWjl23HN6n1sfmrbfo4p
         KeLu2wpEkpUkugHCuNW2xOEXxaD5mXUJsKQhpzrX1CxolgSASdmhr/NtM5jq7u0f2A5k
         UzFAfHkPBH5R5VndXqkaukJiPl47woll1RCyDk/ok6KJEpp7f+Pj33IfDDkz3t8MKVI2
         coedv/cHap0FGkuAenwromUpcULwINvyeEyePBCzNSQTize5zAf2TMedO9MDoGNtJP6a
         nMnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=WuxfUlMmHpTRh5pM+BBhnAVBIwFUj4zlM0rBExujP9A=;
        b=QhvaEzFUI9B3Qsoq3F8deeaN3Oz718acUHGTOID5YPLDfLRaQVn95fOJ9sYwcg6e5m
         TlL1oq4+PdMzmf3UMIr99nCWpxeedjtYCJBO+VUN/W05HYsruRc+TfnQjOcncUseHIoZ
         Zv90u3dpE6EBEn7KdcvXfSAlfsjhZd0X56TSLv+Xg4d+a/x5h9wPIeiUXIK7/Jq7CbJH
         AvXCzpYeIDbgH2aGIpHJHpH3L7rItsGpJsRvwYti+X45o7oxkhVLVAdeva8rOTNxqtIt
         mQzmZG1yKBb/hnhz2n9Z9IYtYFCo6Lsl5ed0YYLXmRWyji0Im2d/OurZ5wZnJWtrYFPw
         XU5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j8-v6si2485709plk.87.2018.01.21.03.23.25;
        Sun, 21 Jan 2018 03:23:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751014AbeAULWy (ORCPT <rfc822;yuankui.zhao@gmail.com>
        + 99 others); Sun, 21 Jan 2018 06:22:54 -0500
Received: from merlin.infradead.org ([205.233.59.134]:35942 "EHLO
        merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750822AbeAULWw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 21 Jan 2018 06:22:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version:
        References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
        Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
        Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
        List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
         bh=WuxfUlMmHpTRh5pM+BBhnAVBIwFUj4zlM0rBExujP9A=; b=keSpIyVY355M7Z8pynt+OApk+
        G8yPWfGZAZiq1XCaUePiijL04OzpFkXXINbJCi/ICfsC+tZhndWO+bnXvqmuGt4elEZm0YV3tPZaj
        wtz2nEc9Zz0ic633GnFNyjriVg7AtW2G2fdADYziatCkpFjOnQmiv5L1Bijm+tib3Z7x6upOCd+Y+
        uvTVxnsXOpkkjBwehgUlDqOUvuH5KBmcFSLj40O3qyi1mJ9BVirMdGGV0M2Obg/UAOxGzyAt7WbdV
        8VedursbXl80+VkgXZIq/1n09idhlzV8x+UqB1cFW+iLMrCYckhsanHetD3/toGGYdlIO7yTf7r/Y
        TIf1hcI9Q==;
Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net)
        by merlin.infradead.org with esmtpsa (Exim 4.89 #1 (Red Hat Linux))
        id 1edDhj-0008Tu-FH; Sun, 21 Jan 2018 11:22:27 +0000
Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000)
        id B37E02029F9F9; Sun, 21 Jan 2018 12:22:24 +0100 (CET)
Date:   Sun, 21 Jan 2018 12:22:24 +0100
From:   Peter Zijlstra <peterz@infradead.org>
To:     KarimAllah Ahmed <karahmed@amazon.de>
Cc:     linux-kernel@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Arjan van de Ven <arjan@linux.intel.com>,
        Ashok Raj <ashok.raj@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Borislav Petkov <bp@suse.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
        Joerg Roedel <joro@8bytes.org>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Laura Abbott <labbott@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
        x86@kernel.org
Subject: Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching
 into non dumpable process
Message-ID: <20180121112224.GH2269@hirez.programming.kicks-ass.net>
References: <1516476182-5153-1-git-send-email-karahmed@amazon.de>
 <1516476182-5153-5-git-send-email-karahmed@amazon.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1516476182-5153-5-git-send-email-karahmed@amazon.de>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Jan 20, 2018 at 08:22:55PM +0100, KarimAllah Ahmed wrote:
> From: Tim Chen <tim.c.chen@linux.intel.com>
> 
> Flush indirect branches when switching into a process that marked
> itself non dumpable.  This protects high value processes like gpg
> better, without having too high performance overhead.

So if I understand it right, this is only needed if the 'other'
executable itself is susceptible to spectre. If say someone audited gpg
for spectre-v1 and build it with retpoline, it would be safe to not
issue the IBPB, right?

So would it make sense to provide an ELF flag / personality thing such
that userspace can indicate its spectre-safe?

I realize that this is all future work, because so far auditing for v1
is a lot of pain (we need better tools), but would it be something that
makes sense in the longer term?