Subject: Re: [PATCH] x86/speculation: Add document to describe Spectre and its mitigations
From: Arjan van de Ven
Date: Mon, 31 Dec 2018 09:10:31 -0800
To: Ben Greear, Tim Chen, Thomas Gleixner
Cc: Jiri Kosina, Linus Torvalds, Tom Lendacky, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Andi Kleen, Dave Hansen, Asit Mallick, Jon Masters, Waiman Long, Greg KH, Borislav Petkov, linux-kernel@vger.kernel.org, x86@kernel.org, stable@vger.kernel.org

On 12/31/2018 8:22 AM, Ben Greear wrote:
>
> On 12/21/2018 05:17 PM, Tim Chen wrote:
>> On 12/21/18 1:59 PM, Ben Greear wrote:
>>> On 12/21/18 9:44 AM, Tim Chen wrote:
>>>> Thomas,
>>>>
>>>> Andi and I have made an update to our draft of the Spectre admin guide.
>>>> We may be out on Christmas vacation for a while. But we want to
>>>> send it out for everyone to take a look.
>>>
>>> Can you add a section on how to compile out all mitigations that have anything
>>> beyond negligible performance impact for those running systems where performance
>>> is more important than security?
>>>
>>
>> If you don't worry about security and performance is paramount, then
>> boot with "nospectre_v2". That's explained in the document.
>
> There seem to be lots of different variants of this type of problem. It was not clear
> to me that just doing nospectre_v2 would be sufficient to get back full performance.
>
> And anyway, I would like to compile the kernel to not need that command-line option,
> so I am still interested in what compile options need to be set to what values...

the cloud people call this scenario "single tenant".. there might be different "users" in the uid sense,
but they're all owned by the same folks

it would not be insane to make a CONFIG_SINGLE_TENANT kind of option under which we can group these kind of things
(and likely others)