From: Jon Masters
To: Jiri Kosina
Cc: Tim Chen, Thomas Gleixner, Tom Lendacky, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Andi Kleen, Dave Hansen, Casey Schaufler, Asit Mallick, Arjan van de Ven, linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH 2/2] x86/speculation: Provide application property based STIBP protection
Date: Tue, 2 Oct 2018 11:44:55 -0400 (EDT)
References: <0c55c162a077aadbfd57878e2694e35292c1a29c.1537392876.git.tim.c.chen@linux.intel.com> <1a501628-a232-a126-166e-814c26243f2d@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Quick reply: I agree, I'm just supporting this :)

--
Computer Architect

> On Oct 2, 2018, at 11:43, Jiri Kosina wrote:
>
> On Tue, 2 Oct 2018, Jon Masters wrote:
>
>>> This patch provides an application property based spectre_v2
>>> protection with STIBP against attack from another app from
>>> a sibling hyper-thread. For security sensitive non-dumpable
>>> app, STIBP will be turned on before switching to it for Intel
>>> processors vulnerable to spectre_v2.
>>
>> A general comment. I think in practice this will be similar to the
>> speculative store buffer bypass (aka "variant 4") issue in terms of
>> opt-in mitigation. Many users won't want to take the performance hit of
>> having STIBP by default for peer threads. We should make sure that we
>> don't force users into a mitigation but retain an option. Whether it's
>> default-on or not can be debated, though I think the vendors lean toward
>> having default-off with an opt-in, and customers will probably agree. So
>> anyway, I encourage a pragmatic approach similar to that for SSBD.
>
> Which is what Tim's patchset is implementing on top.
>
> Thanks,
>
> --
> Jiri Kosina
> SUSE Labs
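
The opt-in model for SSBD that the thread points to, shown from the application side as an added example (not code from the patch or from anyone in this thread): a task queries and requests the speculative store bypass mitigation through the existing prctl(2) speculation-control interface, and sets the non-dumpable property that the quoted patch description keys on. The function names spec_state, make_nondumpable and opt_in_ssbd are hypothetical; the example assumes Linux with kernel headers 4.17 or later.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Decode the bitmask returned by PR_GET_SPECULATION_CTRL (negative = error). */
const char *spec_state(long v)
{
    if (v < 0)                      return "unsupported";
    if (v == PR_SPEC_NOT_AFFECTED)  return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE)  return "mitigated (locked)";
    if (v & PR_SPEC_DISABLE)        return "mitigated";
    if (v & PR_SPEC_ENABLE)
        return (v & PR_SPEC_PRCTL) ? "unmitigated, opt-in available"
                                   : "unmitigated, no per-task control";
    return "unknown";
}

/* Mark the task non-dumpable; returns the resulting PR_GET_DUMPABLE value. */
int make_nondumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Opt this task in to SSBD. Returns 0, or -errno: ENXIO when the kernel's
 * mitigation mode gives no per-task control, ENODEV/EINVAL when unsupported. */
int opt_in_ssbd(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
              PR_SPEC_DISABLE, 0, 0) == 0)
        return 0;
    return -errno;
}

int main(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("dumpable after request: %d\n", make_nondumpable());
    printf("SSB before: %s\n", spec_state(before));
    int rc = opt_in_ssbd();
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("opt-in rc=%d, SSB after: %s\n", rc, spec_state(after));
    return 0;
}
```

In the prctl interface PR_SPEC_DISABLE disables the speculation feature, so it is the value that turns the mitigation on for the calling task.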