Date: Mon, 3 Sep 2018 10:51:22 +0200 (CEST)
From: Jiri Kosina
To: Thomas Gleixner, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, "Woodhouse, David"
cc: linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation

On Fri, 31 Aug 2018, Jiri Kosina wrote:

> From: Jiri Kosina
>
> STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
> (once enabled) prevents cross-hyperthread control of decisions made by
> indirect branch predictors.
>
> Enable this feature if
>
> - the CPU is vulnerable to spectre v2
> - the CPU supports SMT
> - spectre_v2 mitigation autoselection is enabled (default)
>
> After some previous discussion, this patch leaves STIBP on all the time,
> as wrmsr on crossing kernel boundary is a no-no. This could perhaps later
> be a bit more optimized (like disabling it in NOHZ, experiment with
> disabling it in idle, etc) if needed.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Jiri Kosina
> ---
>
> Let's add the most basic STIBP support, as it has been kind of lost in all
> the previous noise.

After some discussions with Peter, this actually makes a little sense with
the IBPB implementation we currently have upstream, as that's basically
never used (I thought upstream had the same what distros had -- IBPB
issued in cases where tasks can't ptrace each other, but that apparently
got ditched in the process for some reason).

If the argument was that this is too expensive performance-wise, well,
then there is nospectre_v2 for those who are fine with that.

Given the fact that the attack is real, I think we should default to
STIBP+IBPB in the non-ptrace-capable case. Some distros (SUSE for example)
do issue the IBPB in such a way.

I'll submit v2 with that later today.

--
Jiri Kosina
SUSE Labs
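
The enable conditions listed in the quoted commit message, modelled as a small user-space check. This is an added example, not code from the patch or from the kernel. The struct and function names are hypothetical, and the bit positions (CPUID leaf 7 EDX bit 27, IA32_SPEC_CTRL bit 1) are taken from Intel's architectural documentation rather than from this message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural constants from the Intel SDM (not taken from the patch). */
#define CPUID7_EDX_STIBP (1u << 27)   /* CPUID.(EAX=7,ECX=0):EDX[27] */
#define SPEC_CTRL_STIBP  (1ull << 1)  /* IA32_SPEC_CTRL (MSR 0x48) bit 1 */

/* Hypothetical summary of the inputs the commit message lists. */
struct cpu_state {
    uint32_t cpuid7_edx;       /* raw EDX of CPUID leaf 7, subleaf 0 */
    bool spectre_v2_affected;  /* CPU is vulnerable to spectre v2 */
    bool smt_active;           /* CPU supports SMT */
    bool autoselect;           /* spectre_v2 autoselection (default) */
};

/* All three conditions hold and the ucode enumerates STIBP. */
bool want_stibp(const struct cpu_state *c)
{
    return (c->cpuid7_edx & CPUID7_EDX_STIBP) && c->spectre_v2_affected &&
           c->smt_active && c->autoselect;
}

/* Value to keep in IA32_SPEC_CTRL: set STIBP once, leave other bits. */
uint64_t spec_ctrl_value(const struct cpu_state *c, uint64_t current)
{
    return want_stibp(c) ? (current | SPEC_CTRL_STIBP) : current;
}

/* Audit: logical CPUs whose IA32_SPEC_CTRL value lacks STIBP although
 * it is wanted; msr[] holds one value per CPU (constructed or read). */
int count_unprotected(const struct cpu_state *c, const uint64_t *msr, int n)
{
    int missing = 0;
    for (int i = 0; i < n && want_stibp(c); i++)
        missing += !(msr[i] & SPEC_CTRL_STIBP);
    return missing;
}

int main(void)
{
    /* Constructed sample: STIBP-capable, SMT on, CPU1 missing the bit. */
    struct cpu_state c = { CPUID7_EDX_STIBP, true, true, true };
    uint64_t msr[] = { 0x2, 0x0 };
    printf("CPUs lacking STIBP: %d\n", count_unprotected(&c, msr, 2));
    return 0;
}
```

On a live system the per-CPU values for `msr[]` would come from reading MSR 0x48 on each logical CPU, which needs root and the msr driver.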