From: Jiri Kosina <jikos@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Lutomirski <luto@kernel.org>,
thomas.lendacky@amd.com, Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Tim Chen <tim.c.chen@linux.intel.com>,
Andi Kleen <ak@linux.intel.com>,
dave.hansen@intel.com,
Casey Schaufler <casey.schaufler@intel.com>,
"Mallick, Asit K" <asit.k.mallick@intel.com>,
"Van De Ven, Arjan" <arjan@linux.intel.com>,
jcm@redhat.com, longman9394@gmail.com,
Greg KH <gregkh@linuxfoundation.org>,
david.c.stewart@intel.com, Kees Cook <keescook@chromium.org>
Subject: Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode
Date: Sun, 25 Nov 2018 21:52:36 +0100 (CET) [thread overview]
Message-ID: <nycvar.YFH.7.76.1811252147450.21108@cbobk.fhfr.pm> (raw)
In-Reply-To: <CAHk-=whtiX45YPjFPMFuktZ3WB23zqBZR-rL6RewrTyvrFj2Fw@mail.gmail.com>
On Sun, 25 Nov 2018, Linus Torvalds wrote:
> > The mitigation guide documents how STIPB works:
> >
> > Setting bit 1 (STIBP) of the IA32_SPEC_CTRL MSR on a logical processor
> > prevents the predicted targets of indirect branches on any logical
> > processor of that core from being controlled by software that executes
> > (or executed previously) on another logical processor of the same core.
>
> Can we please just fix this stupid lie?
>
> Yes, Intel calls it "STIBP" and tries to make it out to be about the
> indirect branch predictor being per-SMT thread.
>
> But the reason it is unacceptable is apparently because in reality it just
> disables indirect branch prediction entirely. So yes, *technically* it's
> true that that limits indirect branch prediction to just a single SMT
> core, but in reality it is just a "go really slow" mode.
>
> If STIBP had actually just keyed off the logical SMT thread, we wouldn't
> need to have worried about it in the first place.
>
> So let's document reality rather than Intel's Pollyanna world-view.
>
> Reality matters. It's why we had to go all this. Lying about things
> and making it appear like it's not a big deal was why the original
> patch made it through without people noticing.
Yeah, exactly; the documentation doesn't discourage STIBP use (well, the
AMD one now actually does).
I am all in favor of documenting the truth rather than the documented
behavior, but I guess without having a word from CPU folks, explaining how
exactly this is implemented in reality, we can just guess based on
observed symptoms (which is what we'll do anyway I guess if we don't get
any better / more accurate wording).
Arjan, Tim, would you have a wording handy that would be guaranteed to
describe the reality for the sake of changelog?
Thanks,
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2018-11-25 20:52 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-25 18:33 [patch V2 00/28] x86/speculation: Remedy the STIBP/IBPB overhead Thomas Gleixner
2018-11-25 18:33 ` [patch V2 01/28] x86/speculation: Update the TIF_SSBD comment Thomas Gleixner
2018-11-28 14:20 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-29 14:27 ` [patch V2 01/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 02/28] x86/speculation: Clean up spectre_v2_parse_cmdline() Thomas Gleixner
2018-11-28 14:20 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-29 14:28 ` [patch V2 02/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 03/28] x86/speculation: Remove unnecessary ret variable in cpu_show_common() Thomas Gleixner
2018-11-28 14:21 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-29 14:28 ` [patch V2 03/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 04/28] x86/speculation: Reorganize cpu_show_common() Thomas Gleixner
2018-11-26 15:08 ` Borislav Petkov
2018-11-28 14:22 ` [tip:x86/pti] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() tip-bot for Tim Chen
2018-11-29 14:29 ` [patch V2 04/28] x86/speculation: Reorganize cpu_show_common() Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 05/28] x86/speculation: Disable STIBP when enhanced IBRS is in use Thomas Gleixner
2018-11-28 14:22 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-29 14:35 ` [patch V2 05/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 06/28] x86/speculation: Rename SSBD update functions Thomas Gleixner
2018-11-26 15:24 ` Borislav Petkov
2018-11-28 14:23 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-29 14:37 ` [patch V2 06/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 07/28] x86/speculation: Reorganize speculation control MSRs update Thomas Gleixner
2018-11-26 15:47 ` Borislav Petkov
2018-11-28 14:23 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-29 14:41 ` [patch V2 07/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 08/28] sched/smt: Make sched_smt_present track topology Thomas Gleixner
2018-11-28 14:24 ` [tip:x86/pti] " tip-bot for Peter Zijlstra (Intel)
2018-11-29 14:42 ` [patch V2 08/28] " Konrad Rzeszutek Wilk
2018-11-29 14:50 ` Konrad Rzeszutek Wilk
2018-11-29 15:48 ` Peter Zijlstra
2018-11-25 18:33 ` [patch V2 09/28] x86/Kconfig: Select SCHED_SMT if SMP enabled Thomas Gleixner
2018-11-28 14:24 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-29 14:44 ` [patch V2 09/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 10/28] sched/smt: Expose sched_smt_present static key Thomas Gleixner
2018-11-28 14:25 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-29 14:44 ` [patch V2 10/28] " Konrad Rzeszutek Wilk
2018-11-25 18:33 ` [patch V2 11/28] x86/speculation: Rework SMT state change Thomas Gleixner
2018-11-28 14:26 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 12/28] x86/l1tf: Show actual SMT state Thomas Gleixner
2018-11-28 14:26 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 13/28] x86/speculation: Reorder the spec_v2 code Thomas Gleixner
2018-11-26 22:21 ` Borislav Petkov
2018-11-28 14:27 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 14/28] x86/speculation: Mark string arrays const correctly Thomas Gleixner
2018-11-28 14:27 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 15/28] x86/speculataion: Mark command line parser data __initdata Thomas Gleixner
2018-11-28 14:28 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 16/28] x86/speculation: Unify conditional spectre v2 print functions Thomas Gleixner
2018-11-28 14:29 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 17/28] x86/speculation: Add command line control for indirect branch speculation Thomas Gleixner
2018-11-28 14:29 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 18/28] x86/speculation: Prepare for per task indirect branch speculation control Thomas Gleixner
2018-11-27 17:25 ` Lendacky, Thomas
2018-11-27 19:51 ` Tim Chen
2018-11-28 9:39 ` Thomas Gleixner
2018-11-27 20:39 ` Thomas Gleixner
2018-11-27 20:42 ` Thomas Gleixner
2018-11-27 21:52 ` Lendacky, Thomas
2018-11-28 14:30 ` [tip:x86/pti] " tip-bot for Tim Chen
2018-11-25 18:33 ` [patch V2 19/28] x86/process: Consolidate and simplify switch_to_xtra() code Thomas Gleixner
2018-11-26 18:30 ` Borislav Petkov
2018-11-28 14:30 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 20/28] x86/speculation: Avoid __switch_to_xtra() calls Thomas Gleixner
2018-11-28 14:31 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 21/28] x86/speculation: Prepare for conditional IBPB in switch_mm() Thomas Gleixner
2018-11-25 19:11 ` Thomas Gleixner
2018-11-25 20:53 ` Andi Kleen
2018-11-25 22:20 ` Thomas Gleixner
2018-11-25 23:04 ` Andy Lutomirski
2018-11-26 7:10 ` Thomas Gleixner
2018-11-26 13:36 ` Ingo Molnar
2018-11-26 3:07 ` Andi Kleen
2018-11-26 6:50 ` Thomas Gleixner
2018-11-28 14:31 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 22/28] ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS Thomas Gleixner
2018-11-28 14:32 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 23/28] x86/speculation: Split out TIF update Thomas Gleixner
2018-11-28 14:33 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 24/28] x86/speculation: Prepare arch_smt_update() for PRCTL mode Thomas Gleixner
2018-11-27 20:18 ` Lendacky, Thomas
2018-11-27 20:30 ` Thomas Gleixner
2018-11-27 21:20 ` Lendacky, Thomas
2018-11-28 14:34 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 25/28] x86/speculation: Add prctl() control for indirect branch speculation Thomas Gleixner
2018-11-28 14:34 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 26/28] x86/speculation: Enable prctl mode for spectre_v2_user Thomas Gleixner
2018-11-26 7:56 ` Dominik Brodowski
2018-11-28 14:35 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-25 18:33 ` [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode Thomas Gleixner
2018-11-25 19:35 ` Randy Dunlap
2018-11-25 20:40 ` Linus Torvalds
2018-11-25 20:52 ` Jiri Kosina [this message]
2018-11-25 22:28 ` Thomas Gleixner
2018-11-26 13:30 ` Ingo Molnar
2018-11-26 20:48 ` Andrea Arcangeli
2018-11-26 20:58 ` Thomas Gleixner
2018-11-26 21:52 ` Lendacky, Thomas
2018-11-27 0:37 ` Tim Chen
2018-12-04 1:38 ` Tim Chen
2018-12-04 8:39 ` Jiri Kosina
2018-12-04 9:43 ` Arjan van de Ven
2018-12-04 9:46 ` Arjan van de Ven
2018-12-04 17:20 ` Linus Torvalds
2018-12-04 18:58 ` Tim Chen
2018-11-28 14:35 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-12-04 18:45 ` [patch V2 27/28] " Dave Hansen
2018-11-25 18:33 ` [patch V2 28/28] x86/speculation: Provide IBPB always command line options Thomas Gleixner
2018-11-28 14:36 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-11-26 13:37 ` [patch V2 00/28] x86/speculation: Remedy the STIBP/IBPB overhead Ingo Molnar
2018-11-28 14:24 ` Thomas Gleixner
2018-11-29 19:02 ` Tim Chen
2018-12-10 23:43 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.YFH.7.76.1811252147450.21108@cbobk.fhfr.pm \
--to=jikos@kernel.org \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=asit.k.mallick@intel.com \
--cc=casey.schaufler@intel.com \
--cc=dave.hansen@intel.com \
--cc=david.c.stewart@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jcm@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman9394@gmail.com \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).