Received: by 10.223.176.46 with SMTP id f43csp92284wra; Tue, 23 Jan 2018 16:48:26 -0800 (PST) X-Google-Smtp-Source: AH8x225A9IBK0u4U1dAD+l1U1+DolhCHHLp1xkmFB2bG2NTlVcbqm3LZ4IOD6vAMUMiLpiQtcHK4 X-Received: by 2002:a17:902:b613:: with SMTP id b19-v6mr6871234pls.164.1516754906579; Tue, 23 Jan 2018 16:48:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516754906; cv=none; d=google.com; s=arc-20160816; b=ONn5jTaIazxszyPvmMO9ZQ29kgpNyCPsgQNcVCXoErDZYavWG8etlAwrgPEjde73Bm SULxjpzMenDlx+uVxpRufkDrT0qrU0cN0oXruZBuv41uly0w2dhVEKSUATjpDsRmJqBo Fk/qikY/+kBcPxeygbZiRCpW/g0FZovOB4c4CSuWEzsKQ7dEDYmCSebp1rsqB588lOjX JBVR24wMUgFJiJe7jniwlNhbX0bPcE1HFWqOsloZE7e7dM+2RJbNMiNw+6ARv7XoJKrq aYz7FlEchi+DFkuDsLHg9ne09z1txd8+H887Ra0OtfGDzJ9tUUOw4R8bjwASWtxbzlWC sFUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=4TSF8RskWBXyXcdafLT2ajDqLUlpENRfF6CjmCMac4U=; b=YiSqFWOHIDX+LdovWSUKlMeoaUg8mBvIkairKpIjTfy/yS11dxt0kasJmbB2ViiGWz Fq11dui28fkQXWEjGgf42/L0vOWo2Jd3PCn532v0XdLHMB3TnKxFv2OJ0NBxFPRzJSvn xUM6g1q2CHioCNW9vXnQIwUWzSYePnV3EMJY92FRXYNmM+npGpCxaTPlRUzR6onDWfVz 9O+kHr3hPpQTSEkSCDNKUl2V94ylG5X2uswSbDX0qF5QihECiEI85FbaVm/SGBwrR/Fy jP0CH+N+xnYg1eacO0uwVqe7RBYHIklUu0e3RMMqzyMmwO12ccERDPoO7cC/zRzAPXz3 g5Jw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w13si3329885pgt.716.2018.01.23.16.48.12; Tue, 23 Jan 2018 16:48:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932471AbeAXArm (ORCPT + 99 others); Tue, 23 Jan 2018 19:47:42 -0500 Received: from mga06.intel.com ([134.134.136.31]:45287 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932083AbeAXAri (ORCPT ); Tue, 23 Jan 2018 19:47:38 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2018 16:47:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,404,1511856000"; d="scan'208";a="12979898" Received: from schen9-desk3.jf.intel.com (HELO [10.54.74.42]) ([10.54.74.42]) by orsmga006.jf.intel.com with ESMTP; 23 Jan 2018 16:47:37 -0800 Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation To: "Woodhouse, David" , Andi Kleen , Tom Lendacky Cc: Andy Lutomirski , KarimAllah Ahmed , linux-kernel@vger.kernel.org, Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Thomas Gleixner , kvm@vger.kernel.org, x86@kernel.org, Arjan Van De Ven References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-10-git-send-email-karahmed@amazon.de> <243BE571-AF73-44B3-8D17-193F9E07686A@amacapital.net> <4e01a7a9-29e4-adcc-3f53-550fb7f3d370@amd.com> <1516724457.9521.156.camel@amazon.co.uk> <20180123224956.GQ7844@tassilo.jf.intel.com> <1516749276.13558.25.camel@amazon.co.uk> From: Tim Chen Message-ID: Date: Tue, 23 Jan 2018 16:47:36 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <1516749276.13558.25.camel@amazon.co.uk> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/23/2018 03:14 PM, Woodhouse, David wrote: > On Tue, 2018-01-23 at 14:49 -0800, Andi Kleen wrote: >>> Not sure. Maybe to start, the answer might be to allow it to be set for >>> the ultra-paranoid, but in general don't enable it by default. Having it >>> enabled would be an alternative to someone deciding to disable SMT, since >>> that would have even more of a performance impact. >> >> I agree. A reasonable strategy would be to only enable it for >> processes that have dumpable disabled. This should be already set for >> high value processes like GPG, and allows others to opt-in if >> they need to. > > That seems to make sense, and I think was the solution we were > approaching for IBPB on context switch too, right? > > Are we generally agreed on dumpable as the criterion for both of those? > It is a reasonable approach. Let a process who needs max security opt in with disabled dumpable. It can have a flush with IBPB clear before starting to run, and have STIBP set while running. Tim