Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1531983imm;
        Tue, 2 Oct 2018 09:39:18 -0700 (PDT)
X-Google-Smtp-Source: ACcGV60Rmr6pN/EhO2nLLz7toQxn7LcNOPxFg9NJjpZWM7Oqlj53APU2GqjwnZ+uYFAry0puxCob
X-Received: by 2002:a63:69c3:: with SMTP id e186-v6mr14916068pgc.431.1538498358439;
        Tue, 02 Oct 2018 09:39:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538498358; cv=none;
        d=google.com; s=arc-20160816;
        b=KB5unkuWx3/bY8+D0V7oK/K7Ypl+lVZJh6IAYH9TjSimSB2pnPHdnZlx0IppE4Zdri
         bzANTiZiv0lxR+SEbkgJ9plFNNGgh4G0kC6V5wz9DTF1+bu1pVTjTOz7cqMW1YaFu5nX
         pFv3zpZTe0A/I3Q4I7rgM/Z+GwoLdJfblqJccnPfBqztPKw9B+TUmaHRxbWDcVDiD4Y3
         3lqPvWovyw6z1LQuXKs8DZGjgzXCeY3W5GzWzyBtMb/ziVyeh3vZg9915AN/1mcxPmYL
         q9zjqo/0xqw1KfzAs5BTZ6729gJYrhgGIMu+VNM7nZ+VDKBRkK9dLGHGgWmeeRMKoB8D
         VL2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=bV9Z1ESo2wcgpcuf0P+jyTOoa+KD4dNvbl6sNySPQuk=;
        b=Lkrgr5caCZxyyQ973PZtmJ4Kv3RN40vMjt6Lq70rwAhWCH9PlNUMOdZIL5DuF4odZd
         5ajmyLiTxm1ULCF+V7YwzDpQcOUVRloBZ5kXyP4lR/tsTyfLgKU2U/c78KiDTUaYSb8w
         D5QG9w5OS/JYQrHZLoNCZIpX90wwhxKPfA9nmcIWU9FQCpDw1equUJtlfKcK47e1+nII
         O314TYsuS4qgkY2TgWmZJs9bi2DLdpxOIGa3FLHewVu6Xu2rXJ/aadEE7FqBh8BzoQec
         Is+/0V1buppt5j+MjI57ncKVuv7CmesJB9i/6KMuBC4g1OdbDyP4Qr1hd6TIHtBJCMBA
         l1Fw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h125-v6si16622393pfg.138.2018.10.02.09.39.03;
        Tue, 02 Oct 2018 09:39:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727631AbeJBW1S (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Tue, 2 Oct 2018 18:27:18 -0400
Received: from mx2.suse.de ([195.135.220.15]:42790 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726184AbeJBW1S (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 2 Oct 2018 18:27:18 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id DC086AE85;
        Tue,  2 Oct 2018 15:43:17 +0000 (UTC)
Date:   Tue, 2 Oct 2018 17:43:16 +0200 (CEST)
From:   Jiri Kosina <jikos@kernel.org>
To:     Jon Masters <jcm@redhat.com>
cc:     Tim Chen <tim.c.chen@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Andi Kleen <ak@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Casey Schaufler <casey.schaufler@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Arjan van de Ven <arjan@linux.intel.com>,
        linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH 2/2] x86/speculation: Provide application property based
 STIBP protection
In-Reply-To: <1a501628-a232-a126-166e-814c26243f2d@redhat.com>
Message-ID: <nycvar.YFH.7.76.1810021742540.14430@cbobk.fhfr.pm>
References: <cover.1537392876.git.tim.c.chen@linux.intel.com> <0c55c162a077aadbfd57878e2694e35292c1a29c.1537392876.git.tim.c.chen@linux.intel.com> <1a501628-a232-a126-166e-814c26243f2d@redhat.com>
User-Agent: Alpine 2.21 (LSU 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2 Oct 2018, Jon Masters wrote:

> > This patch provides an application property based spectre_v2
> > protection with STIBP against attack from another app from
> > a sibling hyper-thread.  For security sensitive non-dumpable
> > app, STIBP will be turned on before switching to it for Intel
> > processors vulnerable to spectre_v2.
> 
> A general comment. I think in practice this will be similar to the
> speculative store buffer bypass (aka "variant 4") issue in terms of
> opt-in mitigation. Many users won't want to take the performance hit of
> having STIBP by default for peer threads. We should make sure that we
> don't force users into a mitigation but retain an option. Whether it's
> default-on or not can be debated, though I think the vendors lean toward
> having default-off with an opt-in, and customers will probably agree. So
> anyway, I encourage a pragmatic approach similar to that for SSBD.

Which is what Tim's patchset is implementing on top.

Thanks,

-- 
Jiri Kosina
SUSE Labs