From: Tim Chen
To: Jiri Kosina, Thomas Gleixner
Cc: Tim Chen, Tom Lendacky, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf,
    Andrea Arcangeli, David Woodhouse, Andi Kleen, Dave Hansen,
    Casey Schaufler, Asit Mallick, Arjan van de Ven, Jon Masters,
    linux-kernel@vger.kernel.org, x86@kernel.org
Subject: [PATCH 0/2] Provide options to enable spectre_v2 userspace-userspace protection
Date: Wed, 19 Sep 2018 14:35:28 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

This patchset provides an option to apply IBPB and
STIBP mitigation to only non-dumpable processes.

Jiri's patch to harden spectre_v2 makes IBPB and STIBP available for
general spectre v2 app to app mitigation. IBPB will be issued for
switching to an app that's not ptraceable by the previous app and STIBP
will be always turned on.

However, leaving STIBP on all the time is expensive for certain
applications that have frequent indirect branches. One such application
is perlbench in the SpecInt Rate 2006 test suite which shows a 21%
reduction in throughput. Other applications like bzip2 in the same test
suite with minimal indirect branches have only a 0.7% reduction in
throughput. IBPB will also impose overhead during context switches.

App to app exploit is in general difficult due to address space layout
randomization in apps and the need to know an app's address space layout
ahead of time. Users may not wish to incur app to app performance
overhead from IBPB and STIBP for general non security sensitive apps and
use these mitigations only for non-dumpable apps.

The first patch provides a lite option for spectre_v2 app to app
mitigation where IBPB is only issued for security sensitive non-dumpable
app. The second patch extends this option where STIBP is only issued for
non-dumpable app. The changes apply to intel cpus affected by spectre_v2.

Tom, can you update the STIBP changes for AMD cpus on
__speculative_store_bypass_update and x86_virt_spec_ctrl to update the
SPEC_CTRL msr for AMD cpu?

Thanks.
Tim

Tim Chen (2):
  x86/speculation: Option to select app to app mitigation for spectre_v2
  x86/speculation: Provide application property based STIBP protection

 Documentation/admin-guide/kernel-parameters.txt |  11 +++
 arch/x86/include/asm/msr-index.h                |   3 +-
 arch/x86/include/asm/nospec-branch.h            |   9 ++
 arch/x86/include/asm/spec-ctrl.h                |  12 +++
 arch/x86/include/asm/thread_info.h              |   4 +-
 arch/x86/kernel/cpu/bugs.c                      | 105 ++++++++++++++++++++++--
 arch/x86/kernel/process.c                       |   9 +-
 arch/x86/mm/tlb.c                               |  41 ++++++++-
 8 files changed, 179 insertions(+), 15 deletions(-)

-- 
2.9.4
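
Added example, not part of the patch set or of the message above: the cover
letter ties the lighter mitigation to a process being non-dumpable, and user
space controls that property with prctl(PR_SET_DUMPABLE). The C program below
clears the flag in a throwaway child and checks that it reads back as 0 and is
inherited across fork(); it assumes Linux, and the helper names are made up
for this example.

```c
/* Added example (assumes Linux); helper names are hypothetical. */
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child; return its exit status, or -1 on failure. */
static int run_in_child(int (*fn)(void))
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Report this process's dumpable flag (0, 1 or 2); 100 on error. */
static int report_dumpable(void)
{
    int d = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    return d < 0 ? 100 : d;
}

/* Clear the flag, confirm it reads 0 here and in a fork()ed child; 0 = ok. */
static int harden_and_verify(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return 1;   /* step 1: could not clear the flag */
    if (report_dumpable() != 0)
        return 2;   /* step 2: flag did not read back as 0 */
    if (run_in_child(report_dumpable) != 0)
        return 3;   /* step 3: child did not inherit the flag */
    return 0;
}

/* Do the whole check in a throwaway child so the caller's flag is untouched. */
int nondumpable_check(void)
{
    return run_in_child(harden_and_verify);
}

int main(void)
{
    return nondumpable_check();
}
```

An execve() of an ordinary binary sets the flag back to 1, so a program that
wants to count as non-dumpable has to clear the flag itself after it starts.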