Date: Tue, 30 Jan 2018 11:48:50 -0600
From: Josh Poimboeuf
To: David Woodhouse
Cc: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, mingo@kernel.org, luto@kernel.org, linux@dominikbrodowski.net
Subject: Re: [PATCH] x86/speculation: Use Indirect Branch Prediction Barrier in context switch

On Mon, Jan 29, 2018 at 10:04:47PM +0000, David Woodhouse wrote:
> From: Tim Chen
>
> Flush indirect branches when switching into a process that marked itself
> non dumpable. This protects high value processes like gpg better,
> without having too high performance overhead.

I wonder what the point of this patch is. An audit of my laptop shows
only a single user of PR_SET_DUMPABLE: systemd-coredump.

[ And yes, I have gpg-agent running. Also, a grep of the gnupg source
  doesn't show any evidence of it being used there. So the gpg thing
  seems to be a myth. ]

But also, I much preferred the original version of the patch which only
skipped IBPB when 'prev' could ptrace 'next'.

If performance is a concern, let's look at that in more detail. But I
don't see how the solution to a performance issue could possibly be
"leave (almost) all tasks vulnerable by default."

If the argument is that everyone should "rebuild the world" with
retpolines, then this patch would still be pointless, as we wouldn't
even need IBPB.

-- 
Josh
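
Added example, not part of the message above and not kernel code: a small userspace model that compares the two context-switch policies named in the thread (barrier only when the incoming task is non-dumpable, versus barrier unless 'prev' could ptrace 'next') over four constructed tasks. The task table, the `enum policy` names and the reduced `can_ptrace()` rule (same uid and dumpable target, with capabilities and LSMs ignored) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model for illustration; not kernel code. */
struct task { unsigned uid; bool dumpable; };
enum policy { IBPB_IF_NONDUMPABLE, IBPB_UNLESS_PTRACEABLE };

/* Constructed sample tasks; the last one called prctl(PR_SET_DUMPABLE, 0). */
static const struct task tasks[] = {
    { 1000, true }, { 1000, true }, { 1001, true }, { 1000, false },
};
#define NTASKS (sizeof(tasks) / sizeof(tasks[0]))

/* Assumption: ptrace access is reduced to "same uid and target dumpable";
 * capabilities and LSMs such as Yama are left out. */
static bool can_ptrace(const struct task *prev, const struct task *next)
{
    return prev->uid == next->uid && next->dumpable;
}

static bool need_ibpb(enum policy p, const struct task *prev, const struct task *next)
{
    if (p == IBPB_IF_NONDUMPABLE)      /* quoted patch: opt-in by the target */
        return !next->dumpable;
    return !can_ptrace(prev, next);    /* variant the reply prefers */
}

/* Count ordered (prev, next) switches whose barrier decision equals `barrier`;
 * cross_uid restricts the count to switches between different uids. */
static size_t count_switches(enum policy p, bool cross_uid, bool barrier)
{
    size_t n = 0;
    for (size_t i = 0; i < NTASKS; i++)
        for (size_t j = 0; j < NTASKS; j++)
            if (i != j && !(cross_uid && tasks[i].uid == tasks[j].uid) &&
                need_ibpb(p, &tasks[i], &tasks[j]) == barrier)
                n++;
    return n;
}

int main(void)
{
    for (int p = IBPB_IF_NONDUMPABLE; p <= IBPB_UNLESS_PTRACEABLE; p++)
        printf("policy %d: %zu barriers, %zu cross-uid switches without one\n", p,
               count_switches((enum policy)p, false, true),
               count_switches((enum policy)p, true, false));
    return 0;
}
```

In this model the non-dumpable policy issues fewer barriers but leaves most switches between different uids without one, while the ptrace-based policy covers every cross-uid switch at the cost of more barriers.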