Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp157326imm;
        Tue, 25 Sep 2018 18:21:52 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63E9OHHetY/kVLocPd9SBUHpnVlQvD2wum1IxL6mGqo6uCgreTWXxE+aSmYfyHHfqCgBz/y
X-Received: by 2002:a17:902:1681:: with SMTP id h1-v6mr3564836plh.262.1537924912868;
        Tue, 25 Sep 2018 18:21:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537924912; cv=none;
        d=google.com; s=arc-20160816;
        b=yEIPcewegleJLkW6ZNiYAHHYp1lNATynKu0E6kx/OhmWOtZCdQyfcW6uNma3QmwwDf
         JKAS7Yi4o11vwFKM76RH2MB1Bqgu59+aRKzhnZ3foH0EzMlNpIBp7Rn9RSLAE4n/W7Hp
         mxE0ZHhomjCFH/dSt/S5im9LYikqH9h4MTuNEcKESBAeGjNX9aagzBYPh/an0M8jugw9
         +tu3cjyxnHdZwO2fYjzsQc7SDlnT2Qf9vDzxg3v9W2oFNYr/3tnOJ+mgxPwJcPN63mlY
         lU9Des2HH5c0TMdI0U6AnTSjmqv7JjGKGl5+TLwNJBHCVlCrc7zrt4khPBhCHikmm06c
         aIZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from;
        bh=CAdQMpJ5Rp+4rVMq9lP5h+qsZqDGYpxBYEePxjMs+Gk=;
        b=XQv5qo8gro7W2eGy5zJjU1uxDm2lo6XA0nMkBPQhbAZUrIF0pLhl8meG8hJvDEqm4q
         lqzCPNGtaVoi07r5AgASAAp8TFc/Br6owpsmEOX5J0/h9S8LCRzCaTqj8cbDxXGbJZuY
         bAsryGLfKrPZN/1P+4dBz367UTF8RCzHFLRXqLDPIjndiVrmsle3ytVS3yURqtWmDMnL
         R9H4D0QfQIqbsJdcx5pK8zcFpDkzUilYSf2PMMckilACXpbdCdPF46+t+UaUH0TMbUHb
         UWEfUx/pb3cctRJFcVfMmkeLT+bVPBae7/ECNslJy4QnD7meuMMv5boMiIrbzQ4YDB9Z
         zgYg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q10-v6si3500222pfd.153.2018.09.25.18.21.37;
        Tue, 25 Sep 2018 18:21:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727111AbeIZH3O (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 26 Sep 2018 03:29:14 -0400
Received: from mga11.intel.com ([192.55.52.93]:52990 "EHLO mga11.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726436AbeIZH3N (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 26 Sep 2018 03:29:13 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Sep 2018 18:18:57 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,304,1534834800"; 
   d="scan'208";a="72890282"
Received: from skl-02.jf.intel.com ([10.54.74.62])
  by fmsmga007.fm.intel.com with ESMTP; 25 Sep 2018 18:17:15 -0700
From:   Tim Chen <tim.c.chen@linux.intel.com>
To:     Jiri Kosina <jikos@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>
Cc:     Tim Chen <tim.c.chen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Andi Kleen <ak@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Casey Schaufler <casey.schaufler@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Arjan van de Ven <arjan@linux.intel.com>,
        Jon Masters <jcm@redhat.com>, linux-kernel@vger.kernel.org,
        x86@kernel.org
Subject: [Patch v2 0/4] Provide options to enable spectre_v2 userspace-userspace protection 
Date:   Tue, 25 Sep 2018 17:43:55 -0700
Message-Id: <cover.1537920575.git.tim.c.chen@linux.intel.com>
X-Mailer: git-send-email 2.9.4
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

I have merged Tom's changes to extend the patchset for AMD cpus, and
also added a prctl option to control per process indirect branch
speculation per Peter's comments.

Tim

Changes:
v2:
1. Extend per process STIBP to AMD cpus
2. Add prctl option to control per process indirect branch speculation
3. Bug fixes and cleanups 

This patchset provides an option to apply IBPB and STIBP mitigation
to only non-dumpable processes.

Jiri's patch to harden spectre_v2 makes IBPB and STIBP available for
general spectre v2 app to app mitigation.  IBPB will be issued for
switching to an app that's not ptraceable by the previous
app and STIBP will be always turned on.

However, leaving STIBP on all the time is expensive for certain
applications that have frequent indirect branches. One such application
is perlbench in the SpecInt Rate 2006 test suite which shows a
21% reduction in throughput.  Other application like bzip2 in
the same test suite with  minimal indirct branches have
only a 0.7% reduction in throughput. IBPB will also impose
overhead during context switches.

App to app exploit is in general difficult
due to address space layout randomization in apps and
the need to know an app's address space layout ahead of time.
Users may not wish to incur app to app performance
overhead from IBPB and STIBP for general non security sensitive apps
and use these mitigations only for non-dumpable apps.

The first patch provides a lite option for spectre_v2 app to app
mitigation where IBPB is only issued for security sensitive
non-dumpable app.  The second patch extends this option
where STIBP is only issued for non-dumpable app.
The third patch extends per process STIBP update for AMD cpus.
The fourth patch adds a prctl option to control per process
indirect branch speculation.

Thomas Lendacky (1):
  x86/speculation: Extend per process STIBP to AMD cpus.

Tim Chen (3):
  x86/speculation: Option to select app to app mitigation for spectre_v2
  x86/speculation: Provide application property based STIBP protection
  x86/speculation: Add prctl to control indirect branch speculation per
    process

 Documentation/admin-guide/kernel-parameters.txt |  13 ++
 Documentation/userspace-api/spec_ctrl.rst       |   8 +
 arch/x86/include/asm/msr-index.h                |   3 +-
 arch/x86/include/asm/nospec-branch.h            |   9 ++
 arch/x86/include/asm/spec-ctrl.h                |  12 ++
 arch/x86/include/asm/thread_info.h              |   4 +-
 arch/x86/kernel/cpu/bugs.c                      | 185 +++++++++++++++++++++++-
 arch/x86/kernel/process.c                       |  58 ++++++--
 arch/x86/mm/tlb.c                               |  21 ++-
 fs/exec.c                                       |  13 +-
 include/linux/sched.h                           |   5 +
 include/linux/sched/coredump.h                  |   2 +-
 include/uapi/linux/prctl.h                      |   1 +
 kernel/cred.c                                   |   2 +-
 kernel/sys.c                                    |   2 +-
 tools/include/uapi/linux/prctl.h                |   1 +
 16 files changed, 310 insertions(+), 29 deletions(-)

-- 
2.9.4