Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp274886pxb; Wed, 20 Jan 2021 06:50:48 -0800 (PST) X-Google-Smtp-Source: ABdhPJwgmT7hnDyRm4NbL0CSAjP1oO/x4BtGr0QlXwWOzpchINqxIzVPnha+jIfi/kxoRwPlmx+8 X-Received: by 2002:a17:906:ce5b:: with SMTP id se27mr6308898ejb.57.1611154247842; Wed, 20 Jan 2021 06:50:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611154247; cv=none; d=google.com; s=arc-20160816; b=dx1I13FxTkmPik1xBNWu5ZVr+26RykLFvfq0C0Qt3wYyCHKFBy36N6b0mBNgBATw9F ePRkUMbHHVySifxm+yADDx+L92xczhTqxSCkz1bZNrIUuxTvpV8dS437L3/79OHOg9yp s+A3cr1pzl+OD8YKiHvWsxpqEDUUvLR5Oe4Md0VqSpf7dNoiA8iw/WhfTw/9Bu+c7O21 1UC3jYX7OrMynLe6CPP4kAEjFO0kD6vWNPd2CN50+7GmAdi6OJ3p1Xy5ZXkC+B98e7if +HXZ8Pk/5ZBQLul2oqRtKIH304s5bhmcaNZmyiCcArlGDKlBt+mkqifYmcCiNLeICb7P 4S0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xt7JVmEFE/aJx6FE4Qvl47o9pAkmFlCT9+vpzHf5qLw=; b=Um7EBprTfY0Evw1vgasFkgYVS2ouIqaRvcoc9IZTEd5XFB6KO0ckoiWPAj9rQrEYN1 IlM37Vw15A1iSQPd8k+Lwk+Ae4dqKMotdfskyTHOjYSsr4/jjU8Edf9oW9mk62MHsDPs HvJaEhRg5BSX2ScvJxMR97z3dgeKydD4yW2VJ9q2bXwTRJh0k5iz2ES7uTD6Khgs3y8K Ns9nogNumPa1p6shSEYlWb61q5U66xQPIw4vclzVJKt3QOJJNau2srfnzrysUVwOJbam ZzXaOXZ6cgqvGsx7SctfbtUsz1NUyUuJBminMPdzkhmC1/MGDKFdN3IMECM7moAVKQyH z+0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=fGWP96aa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w24si930536eds.15.2021.01.20.06.50.24; Wed, 20 Jan 2021 06:50:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=fGWP96aa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390424AbhATOWy (ORCPT + 99 others); Wed, 20 Jan 2021 09:22:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58602 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727143AbhATMpc (ORCPT ); Wed, 20 Jan 2021 07:45:32 -0500 Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 032B6C0613C1 for ; Wed, 20 Jan 2021 04:44:17 -0800 (PST) Received: by mail-vs1-xe29.google.com with SMTP id h18so12946772vsg.8 for ; Wed, 20 Jan 2021 04:44:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xt7JVmEFE/aJx6FE4Qvl47o9pAkmFlCT9+vpzHf5qLw=; b=fGWP96aayixQ3J4z0EyohXgXAbUnf33N8q/UY1tuVs/m8Xa1UVZhW1aZBCaOmBqHK2 FcMa2kowZFptVFa8wvIwZ+x3bnx8MT8+IizLlwkx7KTCBXIaDZsYOffn8rZ5cjMgVU+D Tj4X2iPnIRfbf5uUmIdY5pcRIZGtXVyFaYtXylZlV+875MpUhhmbBm1sU1k067xtqAqo KTVhHrp1uJ3XxgoixjotVi/3OfJ7oC3UbTf94X0hwKmT4sEjzJmSGZSis02/7lEjGMvV WEgd1eO+Ic7t0d+lOY/INFj6UBf9yj5M3jhc0Mo2DQc4+TzDL2hJRpGQPRZGR3oqFEaI 1bNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xt7JVmEFE/aJx6FE4Qvl47o9pAkmFlCT9+vpzHf5qLw=; b=SUZayK2X01YnLmm2zvye9wftdNBsNBfHs0RZUEsqRlc4M8XR/+VNYi5tUcRjuzzjBn PbRkuvnEY5szeUos91lEPkY6+LylWhP3TnX+i1koGBIaFBV3Yz+o46DzJSDMb5yBMNRR VgRavlKBHrBG8ey88kRnJXEWNKS+YF4bsfXiOaRWfEDqdZqUI6wyZR8+BRWjCARDsi8J VK3vKeY99qy2jUk1nFiLFBCkd41GkHDyq/VOIkVNFReSWqzknhCZmw1a699wBedRqnTC evugHcNkYZNgj/wbOqb+5iRXwiZU/unL7XyZ2+Vy6vpLwB1R5P/hwwQpR6PltQEJR8JM DQxA== X-Gm-Message-State: AOAM530AHqov+c3+1qALBKpLmtCS3xEcqjBZhhS5nsZf9gchXMqm2JSG SuawbnPTntmYXYP06u3BzZMmJJrhk2fgJka9Z11qKQ== X-Received: by 2002:a67:25c3:: with SMTP id l186mr662163vsl.27.1611146655834; Wed, 20 Jan 2021 04:44:15 -0800 (PST) MIME-Version: 1.0 References: <20210113194619.RFC.1.I8f559ecdb01ffa98d5a1ee551cb802f288a81a38@changeid> <20210113195301.tyeeyrf5y7ajd5yw@treble> In-Reply-To: <20210113195301.tyeeyrf5y7ajd5yw@treble> From: "Anand K. Mistry" Date: Wed, 20 Jan 2021 23:44:03 +1100 Message-ID: Subject: Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB To: Josh Poimboeuf Cc: x86@kernel.org, Anthony Steinhauser , tglx@linutronix.de, Borislav Petkov , Joel Fernandes , Alexandre Chartre , Andrew Morton , Andy Lutomirski , Dave Hansen , "H. Peter Anvin" , Ingo Molnar , Julien Thierry , Maciej Fijalkowski , Mark Gross , Mike Rapoport , Paolo Bonzini , Peter Zijlstra , Tony Luck , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > This proposal attempts to reduce that cost by letting the system > > developer choose whether to issue the IBPB on entry or exit of an IB > > speculation disabled process (default is both, which is current > > behaviour). Documentation/admin-guide/hw-vuln/spectre.rst documents two > > mitigation strategies that use conditional IBPB; > > "Protect sensitive programs", and "Sandbox untrusted programs". > > Why make the setting system-wide? Shouldn't this decision be made on a > per-task basis, depending on whether the task is sensitive or untrusted? It definitely could be. I didn't give it as much thought since for me, the entire system uses a "sandbox" approach, so the behaviour would apply to any IB spec disabled process. And conversely, any system taking the "sensitive programs" approach would also expect the same behaviour from all processes. I'm open to making it per-process. It's just that making it system-wide seemed to "fit" with the documented mitigation strategies, and it's what I would use in production.