On 04/23/2018 02:05 PM, speck for Linus Torvalds wrote:
>
>
> On Mon, 23 Apr 2018, speck for Konrad Rzeszutek Wilk wrote:
>>
>> I believe (and Linus, please correct me here) that the question of
>> toggling on/off SPEC_CTRL MSR on user-space entrance is a no-go.
>
> Absolutely. That would be entirely crazy.

Yep, totally nuts, and nobody is asking for that :)

> Is there a known situation where that would actually make sense?

Intel point out that globally disabling MD by default has typically a few
percent hit, but sometimes up to 30%. Therefore, they want it to be
per-process controllable. As I said, e.g. with a prctl that happens to
control an MSR underneath, but it's not userspace setting an MSR.

Anyway, Intel should articulate the ask. I've pointed it out because there's
entirely a lack of alignment currently with both Intel and AMD wanting MD on
by default (so some parts of the system vulnerable until we have a fine
grained option available). It's great that they want it, but they need to
help find a way to make that work. And my personal opinion is that seccomp
alone isn't enough of a criterion (Andi was proposing to just whack the MDD
in that case, but this relies on all manner of userspace applications using
seccomp that weren't). I think a simple prctl is probably all we would have
time to hack into common stuff like OpenJDK. There's really not much time to
do that, and a total lack of folks articulating that need loudly.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop
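An added example, not from Jon's mail or from anyone on the speck thread: what "a simple prctl that happens to control an MSR underneath" looks like from the application side. It uses the interface Linux later merged for exactly this purpose, PR_SET_SPECULATION_CTRL / PR_GET_SPECULATION_CTRL with the PR_SPEC_STORE_BYPASS misfeature (that API postdates the thread, so treating it as the outcome of this discussion is my assumption); the fallback constant values are those of linux/prctl.h, and the helper names ssb_query, ssb_request_mitigation and ssb_state_name are mine. A process such as a JIT runtime that is about to run untrusted code would call ssb_request_mitigation(1) once, early, and the kernel then handles the MSR on every context switch without userspace ever touching it.

```c
/* Per-process speculative store bypass control via prctl(2).
 * Added example; assumes the PR_*SPECULATION_CTRL interface of Linux >= 4.17. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks so this compiles against older libc headers; values from linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Decode the bitmask PR_GET_SPECULATION_CTRL returns into a short description.
 * Pure function, so it can be checked with constructed values. */
const char *ssb_state_name(long state)
{
    if (state < 0)
        return "error";
    if (state == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (!(state & PR_SPEC_PRCTL))             /* no per-process control offered */
        return (state & PR_SPEC_DISABLE) ? "mitigated globally"
                                          : "vulnerable, no per-process control";
    if (state & PR_SPEC_FORCE_DISABLE)
        return "mitigated, cannot be re-enabled";
    if (state & PR_SPEC_DISABLE_NOEXEC)
        return "mitigated until next execve";
    if (state & PR_SPEC_DISABLE)
        return "mitigated for this task";
    if (state & PR_SPEC_ENABLE)
        return "vulnerable, but prctl-controllable";
    return "unknown";
}

/* Current SSB state of the calling task, or -errno. ENODEV means the kernel
 * offers no control for this misfeature; EINVAL means it predates the prctl. */
long ssb_query(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Opt this task into the mitigation. With force set, the choice is sticky:
 * neither this process nor its children can undo it. Returns 0 or -errno. */
int ssb_request_mitigation(int force)
{
    unsigned long ctrl = force ? PR_SPEC_FORCE_DISABLE : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, ctrl, 0, 0) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    long before = ssb_query();
    printf("before: %s\n", ssb_state_name(before));
    int rc = ssb_request_mitigation(1);
    if (rc != 0)
        printf("prctl(PR_SET_SPECULATION_CTRL) failed: %s\n", strerror(-rc));
    printf("after:  %s\n", ssb_state_name(ssb_query()));
    return rc == 0 ? 0 : 1;
}
```

The decode helper is where the interesting distinctions live: PR_SPEC_PRCTL tells a runtime whether opting in is possible at all, while the absence of that bit with PR_SPEC_DISABLE set is the "globally on by default" configuration the mail argues is too costly to be the only option.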