Received: by 10.223.176.46 with SMTP id f43csp102851wra; Tue, 23 Jan 2018 17:01:54 -0800 (PST) X-Google-Smtp-Source: AH8x226SkTGdXYfXV7qIg2olN3SyY5VDvdxMp+TUsnLjfU99iioGHa+7h6XDRVLprx4nlmksegHo X-Received: by 10.98.159.25 with SMTP id g25mr11475695pfe.224.1516755713974; Tue, 23 Jan 2018 17:01:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516755713; cv=none; d=google.com; s=arc-20160816; b=VUyGUrWJCo2DCWDdgquN95kxwxEe/cXL3M/00/ZETC6j2uoggUmQ77GKjOVu7bfPET Mn5Cbl4p6fSV7Atw0no2QzxBwcExFEVEMlcf/Ip+QuMiNCqQLIis1nHdLlinhSHL/+rp tYmJMLcULu0L9GSlYg62s4yVHv4B7DatF2pHAvz57l+Opz8tahnhdr6edl36yOr87WHp 7uuZXoHFw7RfikQ20HMf+1jEg0AtUZp09n3GuHUv2ylk5DU68sP32+4Mpx6DGM560RQl 8+H6c/dLCCDir3quwrdW8n+CoIF3KNPdxZcjyF6nir6MJ1uvv57/PlqQpX3CK2OqOc7v ltfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dmarc-filter :arc-authentication-results; bh=Hf1/tALYn7B2gp7FpWsIQ8tazl1Sr3gcHAP2/YduOaU=; b=OHuxob/Z18POPJCvHYTpd8MdH9sqRw5GzB8GaXNbiml6IG7kp7tB1R0KkhkppLMwWK WawoW6CZeVph6aJSvQdWYsYpvaFSuK+gXRFrB8BJqCPhqBJq1uHdG8mu+u93oybU8qhL 7HtaMq8XuLa+Ug5CuR1IuxoZU/a/+pfFfrWbtYwDCZrpW+6m7SGo9YRDNVIQ1ZGm7qni E95JvNY0UPYtbx0osoMy+Z0pn59hXh0EnxTP5a0yw3b78clAftlk6J2O3kfyRdGf+H3T N5a7X1ItMHYGUiKJ8KAMX8tqrmgFbg2soXVB+YNDopyQSMO9FkZC+eOqIZjG4QvpCqjh zibA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x5si11504986pgo.709.2018.01.23.17.01.39; Tue, 23 Jan 2018 17:01:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932456AbeAXBBM (ORCPT + 99 others); Tue, 23 Jan 2018 20:01:12 -0500 Received: from mail.kernel.org ([198.145.29.99]:58928 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932083AbeAXBBL (ORCPT ); Tue, 23 Jan 2018 20:01:11 -0500 Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0E491217A1 for ; Wed, 24 Jan 2018 01:01:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0E491217A1 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org Received: by mail-io0-f174.google.com with SMTP id d13so3015743iog.5 for ; Tue, 23 Jan 2018 17:01:11 -0800 (PST) X-Gm-Message-State: AKwxytebQrRHiSLQ/MenpinrKF1pULZDAGs2Ja+t9VJTgsLpDdNdTYFP +JwXH3SlJilzHWRDGepy5PtTSd916kGv3b8hMkx7Gg== X-Received: by 10.107.167.136 with SMTP id q130mr6451129ioe.173.1516755670327; Tue, 23 Jan 2018 17:01:10 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.137.84 with HTTP; Tue, 23 Jan 2018 17:00:49 -0800 (PST) In-Reply-To: References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-10-git-send-email-karahmed@amazon.de> <243BE571-AF73-44B3-8D17-193F9E07686A@amacapital.net> <4e01a7a9-29e4-adcc-3f53-550fb7f3d370@amd.com> <1516724457.9521.156.camel@amazon.co.uk> <20180123224956.GQ7844@tassilo.jf.intel.com> <1516749276.13558.25.camel@amazon.co.uk> From: Andy Lutomirski Date: Tue, 23 Jan 2018 17:00:49 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation To: Tim Chen Cc: "Woodhouse, David" , Andi Kleen , Tom Lendacky , KarimAllah Ahmed , LKML , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Thomas Gleixner , kvm list , X86 ML , Arjan Van De Ven Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 23, 2018 at 4:47 PM, Tim Chen wrote: > On 01/23/2018 03:14 PM, Woodhouse, David wrote: >> On Tue, 2018-01-23 at 14:49 -0800, Andi Kleen wrote: >>>> Not sure. Maybe to start, the answer might be to allow it to be set for >>>> the ultra-paranoid, but in general don't enable it by default. Having it >>>> enabled would be an alternative to someone deciding to disable SMT, since >>>> that would have even more of a performance impact. >>> >>> I agree. A reasonable strategy would be to only enable it for >>> processes that have dumpable disabled. This should be already set for >>> high value processes like GPG, and allows others to opt-in if >>> they need to. >> >> That seems to make sense, and I think was the solution we were >> approaching for IBPB on context switch too, right? >> >> Are we generally agreed on dumpable as the criterion for both of those? >> > > It is a reasonable approach. Let a process who needs max security > opt in with disabled dumpable. It can have a flush with IBPB clear before > starting to run, and have STIBP set while running. > Do we maybe want a separate opt in? I can easily imagine things like web browsers that *don't* want to be non-dumpable but do want this opt-in. Also, what's the performance hit of STIBP?