Date: Mon, 19 Nov 2018 13:49:45 +0100 (CET)
From: Thomas Gleixner
To: Tim Chen
cc: Jiri Kosina, Linus Torvalds, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Andi Kleen, Casey Schaufler, Linux List Kernel Mailing, the arch/x86 maintainers, stable@vger.kernel.org
Subject: Re: STIBP by default.. Revert?
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 18 Nov 2018, Tim Chen wrote:
> On 11/18/2018 02:17 PM, Jiri Kosina wrote:
> > On Sun, 18 Nov 2018, Linus Torvalds wrote:
> >
> >>> So, I think it's as theoretical as any other spectrev2 (only with the
> >>> extra "HT" condition added on top).
> >>
> >> What? No.
> >>
> >> It's *way* more theoretical than something like meltdown, which could
> >> be trivially used to get data from another protection domain.
> >
> > Oh yeah, I absolutely agree that spectrev2 and Meltdown are completely
> > different beasts.
> >
> >> Have you seen any actual realistic attacks for normal human users?
> >> Things where the *kernel* should actually care?
> >>
> >> The javascript thing is for the browser to fix up,
> >
> > It's probably not just browsers, but anything running JITed sandboxed
> > code. So the most straightforward way might be the prctl() approach, where
> > userspace would claim "I do care about this, please fix it up for me". So
> > prctl() + perhaps SECCOMP.
> >
> > Which gets us back to Tim's fixup patch. Do you still prefer the revert,
> > given the existence of that? I think that if Tim's fixup makes it through
> > (it's currently missing SECCOMP handling, but that is trivial to add on
> > top), it might be the best compromise. We'd also have to make IBPB
> > obey it to be consistent (and get even a few more % of performance back),
> > but that's easy as well.
> >
> I think if Thomas can merge my patchset along with Jiri's, the default
> option will become opt in for tasks that want the extra security and we
> won't lose performance.

If it would be in mergeable state ....

Thanks,

	tglx
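
Added example, not part of the original mail and not code from any patch in this thread: a sketch of the opt-in model discussed above, where a task that runs untrusted JITed code asks the kernel to restrict indirect branch speculation for itself. It assumes the PR_SET_SPECULATION_CTRL / PR_SPEC_INDIRECT_BRANCH prctl interface found in current mainline kernels; the thread does not show the interface, and the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Fallbacks for old headers; values match mainline include/uapi/linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Decode a PR_GET_SPECULATION_CTRL result: 1 = speculation restricted for
 * this task (mitigation on), 0 = not restricted, -1 = error value. */
int spec_is_mitigated(long st)
{
    if (st < 0) return -1;
    return (st & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) ? 1 : 0;
}

/* Non-zero when the kernel lets each task choose via prctl(). */
int spec_is_task_controllable(long st)
{
    return st >= 0 && (st & PR_SPEC_PRCTL) != 0;
}

/* Opt the calling task in. Returns 0 on success, -errno on failure. */
int spec_opt_in(void)
{
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0UL, 0UL, 0UL);
    if (st < 0) return -errno;          /* interface missing on this kernel */
    if (st == 0 || spec_is_mitigated(st) == 1) return 0; /* not affected / already on */
    if (!spec_is_task_controllable(st)) return -ENXIO;   /* off and not per-task */
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0UL, 0UL) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    int rc = spec_opt_in();
    printf("indirect-branch speculation opt-in: %s (rc=%d)\n", rc ? "failed" : "ok", rc);
    return rc ? 1 : 0;
}
```

A negative return on an older kernel or on a boot configuration without per-task control is expected; the caller should log it rather than assume the mitigation is active.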