From: Jon Masters <jcm@redhat.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: GPZv4
Date: Tue, 17 Apr 2018 15:56:55 -0400 [thread overview]
Message-ID: <476c3e0b-dde6-6e6b-2054-6e71fa2c396b@redhat.com> (raw)
In-Reply-To: <20180417193105.GD3890@pd.tnic>
[-- Attachment #1: Type: text/plain, Size: 1422 bytes --]
On 04/17/2018 03:31 PM, speck for Borislav Petkov wrote:
> On Tue, Apr 17, 2018 at 02:26:58PM -0400, speck for Jon Masters wrote:
>> * AMD - They have chicken bits that can disable SSB. They won't provide
>> these except on the condition that we agree not to disable by default.
>> Therefore, I have the magic bit info but can't share it quite yet. It
>
> Oh, we know the bits.
>
>> involves writing into two uarch specific MSRs and won't be SPEC_CTRL. I
>> can assist coordinating whatever is agreed here getting back to AMD.
>
> There's nothing to coordinate - the default setting should be off on
> AMD, that's it.
Let's make sure we're talking about the right thing when we talk about
things being on or off. I usually always talk about a performance
feature being on or off, not a mitigation. Therefore, I read the above
as "MD is off by default", meaning the performance feature is disabled.
This is our current thinking. However, AMD disagree with this and prefer
to leave the feature enabled by default. That would mean having to (at a
minimum) address all of the userspace exposure with prctl(), seccomp(),
or other interfaces, and get that all done within the next month. For
the actual browsers, sure, there will be process isolation updates.
So can you clarify what you meant by "off on AMD" by default?
Jon.
--
Computer Architect | Sent from my Fedora powered laptop
next prev parent reply other threads:[~2018-04-17 19:57 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 18:26 [MODERATED] GPZv4 Jon Masters
2018-04-17 19:31 ` [MODERATED] GPZv4 Borislav Petkov
2018-04-17 19:56 ` Jon Masters [this message]
2018-04-17 20:37 ` Borislav Petkov
2018-04-17 21:03 ` Jon Masters
2018-04-17 21:20 ` Borislav Petkov
2018-04-17 21:22 ` GPZv4 Thomas Gleixner
2018-04-17 21:25 ` [MODERATED] GPZv4 Jiri Kosina
2018-04-17 21:38 ` Jon Masters
2018-04-17 21:43 ` Jiri Kosina
2018-04-17 22:01 ` GPZv4 Thomas Gleixner
2018-04-17 22:02 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 2:48 ` Konrad Rzeszutek Wilk
2018-04-18 3:44 ` Jon Masters
2018-04-18 4:09 ` Jon Masters
2018-04-18 4:18 ` Jon Masters
2018-04-18 4:56 ` Jon Masters
2018-04-18 7:06 ` Jon Masters
2018-04-18 8:54 ` GPZv4 Thomas Gleixner
2018-04-18 13:22 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:04 ` GPZv4 Thomas Gleixner
2018-04-18 14:07 ` [MODERATED] GPZv4 Jon Masters
2018-04-18 14:52 ` Konrad Rzeszutek Wilk
2018-04-18 15:02 ` Jon Masters
2018-04-18 21:12 ` Konrad Rzeszutek Wilk
2018-04-18 21:20 ` Jon Masters
2018-04-17 21:36 ` Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=476c3e0b-dde6-6e6b-2054-6e71fa2c396b@redhat.com \
--to=jcm@redhat.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.