Subject: Re: Re: STIBP by default.. Revert?
To: Linus Torvalds, Jiri Kosina
Cc: Thomas Gleixner, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Andi Kleen, Tim Chen, "Schaufler, Casey", Linux List Kernel Mailing, the arch/x86 maintainers, "stable@vger.kernel.org"
From: Arjan van de Ven
Message-ID: <51127fd4-5dcc-b2b9-4873-72098d2a77d9@linux.intel.com>
Date: Mon, 19 Nov 2018 07:04:19 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/19/2018 6:00 AM, Linus Torvalds wrote:
> On Sun, Nov 18, 2018 at 1:49 PM Jiri Kosina wrote:
>>
>>> So why do that STIBP slow-down by default when the people who *really*
>>> care already disabled SMT?
>>
>> BTW for them, there is no impact at all.
>
> Right. People who really care about security and are anal about it do
> not see *any* advantage of the patch.

In the documentation, AMD officially recommends against this by default, and I can speak for Intel that our position is that as well: this really must not be on by default.

STIBP and its friends are there as tools, and were created early on as big hammers because that is all that one can add in a microcode update.. expensive big hammers.

In some ways it's analogous to the "disable caches" bit in CR0. sure it's there as a big hammer, but you don't set that always just because caches could be used for a side channel

Using these tools much more surgically is fine, if a paranoid task wants it for example, or when you know you are doing a hard core security transition. But always on? Yikes.
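As an added illustration of the "paranoid task wants it" case (not part of the original message and not code from its author): Linux kernels that provide the per-task speculation control prctl let a single process opt in to the indirect-branch mitigation instead of paying for it system-wide. The prctl interface is not mentioned in the message; the `ib_state` enum and the function names below are hypothetical, chosen for this example.

```c
#include <stdio.h>
#include <sys/prctl.h>

/* Values from the kernel's uapi prctl.h, defined here only if the
 * installed headers predate the interface. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Hypothetical names for this example, not kernel identifiers. */
enum ib_state { IB_UNSUPPORTED, IB_FIXED, IB_TASK_UNPROTECTED, IB_TASK_PROTECTED };

/* Classify a PR_GET_SPECULATION_CTRL result; negative means the call failed. */
enum ib_state classify_ib(long r)
{
    if (r <= 0) return IB_UNSUPPORTED;         /* error, or 0 = not affected */
    if (!(r & PR_SPEC_PRCTL)) return IB_FIXED; /* decided system-wide, no per-task knob */
    if (r & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) return IB_TASK_PROTECTED;
    return IB_TASK_UNPROTECTED;
}

/* Opt the calling task in to the mitigation when the kernel leaves the
 * choice to tasks. Returns the state observed after the attempt. */
enum ib_state protect_this_task(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    if (classify_ib(r) == IB_TASK_UNPROTECTED &&
        prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0) == 0)
        r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return classify_ib(r);
}

int main(void)
{
    static const char *names[] = { "unsupported or not affected", "fixed system-wide",
                                   "per-task, still unprotected", "per-task, protected" };
    printf("indirect branch speculation control: %s\n", names[protect_this_task()]);
    return 0;
}
```

In this interface `PR_SPEC_DISABLE` disables the speculation feature for the task, which means the mitigation is turned on for that task only.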