From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amc96@hermes.cam.ac.uk>
X-Google-Smtp-Source: ACJfBosVsByuotC3KJEiQqkKYklzD4JxhGfc/hY7qITTpoTXRysOebWqWenUB4M2gDPMI0MVSAEp
ARC-Seal: i=1; a=rsa-sha256; t=1516318541; cv=none;
        d=google.com; s=arc-20160816;
        b=XNXQSzkmR8ye+beJbUIw6yg0Tlx9tt2v2ZuY+SrkAZtTWW1J3KZQ6xKgzKYqbgEeR7
         TaUFsCHXoF5tLLALTh7Rpe7GMhrP8QLmwxt162JotU119clBZeN9QqFqNzOLjnLzMC66
         VKgE0WDmsyO2swVglAhvGMrJBcMbdkbKN9XuGu+KOOpIZFIbjhKNW6Bg9ydZ8byUtziZ
         rRZ3ZYUPck48fVT2EdPlXVQEx+X0e3lFR8GjTnenHGohyBvUW1EHaKcpOCoOdqQ07qCm
         UVF3z3kg7H6tkBX31BnlV2iYb0gM4jcBhiipfc47VtmCB+4JI4vuA/HwgY9LPwFGt0RO
         CHPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=sender:content-language:content-transfer-encoding:in-reply-to
         :mime-version:user-agent:date:message-id:from:references:cc:to
         :subject:arc-authentication-results;
        bh=RmqEH6AhChccIU4X6hBGuHJjaZNqqHXPyECKdxadESI=;
        b=0oqeECOUt6j7xRJHV7BDTwXHoSTYCgcoKnt/Vs70rHrrn1etG9XAKFqFq0Im917Ko/
         8FQ/Zq/YWMhZKcNPWzMTvbzByE++Sin/nekXFZZW2C7/dqJ8QoaUDSLl2JKjZNx5EcAk
         FLzNfE+vQi6zpHpoQcN9ZrBsIGyo5dwYO/jeuyI/dVV+VoT/GeyAat8I+Qwy6kEIHn8h
         rL1BUP7vdyZMy/KZFnnBi1jeK3BBSlquX7rrs41Znd4R8KcZQYWxCPnQSMfpIvA6qrUZ
         8W2T/Myszhm5/nfft1e01Ql1igu5G50gZjGVgQGCGayhiNH5M4jrYdnn9aXjRLB+k52Y
         X8Pg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of amc96@hermes.cam.ac.uk designates 131.111.8.131 as permitted sender) smtp.mailfrom=amc96@hermes.cam.ac.uk
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of amc96@hermes.cam.ac.uk designates 131.111.8.131 as permitted sender) smtp.mailfrom=amc96@hermes.cam.ac.uk
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus
Subject: Re: [PATCH 23/35] x86/speculation: Add basic speculation control code
To: Andy Lutomirski <luto@kernel.org>, Andrea Arcangeli <aarcange@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>, Paolo Bonzini
 <pbonzini@redhat.com>, Dave Hansen <dave.hansen@intel.com>,
 Peter Zijlstra <peterz@infradead.org>, David Woodhouse
 <dwmw2@infradead.org>, Thomas Gleixner <tglx@linutronix.de>,
 LKML <linux-kernel@vger.kernel.org>, Ashok Raj <ashok.raj@intel.com>,
 Tim Chen <tim.c.chen@linux.intel.com>,
 Linus Torvalds <torvalds@linux-foundation.org>,
 Greg KH <gregkh@linuxfoundation.org>, Andi Kleen <ak@linux.intel.com>,
 Arjan Van De Ven <arjan.van.de.ven@intel.com>,
 Dan Williams <dan.j.williams@intel.com>,
 Jun Nakajima <jun.nakajima@intel.com>,
 Asit Mallick <asit.k.mallick@intel.com>, Jason Baron <jbaron@akamai.com>
References: <20180118134800.711245485@infradead.org>
 <20180118140152.830682032@infradead.org>
 <20180118163745.t5nmwdr53wjsl7o5@treble>
 <73a5735a-6a5b-0e0f-1f0b-e7cd955880d2@intel.com>
 <a0308ee6-959a-0a78-9205-8de0a60948ac@redhat.com>
 <20180118182431.xvmk6kzxpzu43b43@treble> <20180118190842.GA14136@redhat.com>
 <CALCETrU9Xa6pBd-WuQ9S1s32f7Nb=p9eHEAv7oixf+vZa18ETg@mail.gmail.com>
From: Andrew Cooper <andrew.cooper3@citrix.com>
Message-ID: <9e771f85-ed55-6a94-ad57-b6b8f93a3413@citrix.com>
Date: Thu, 18 Jan 2018 23:35:36 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CALCETrU9Xa6pBd-WuQ9S1s32f7Nb=p9eHEAv7oixf+vZa18ETg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Sender: Andrew Cooper <amc96@hermes.cam.ac.uk>
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-LABELS: =?utf-8?b?IlxcSW1wb3J0YW50Ig==?=
X-GMAIL-THRID: =?utf-8?q?1589948948566960870?=
X-GMAIL-MSGID: =?utf-8?q?1589975231696738020?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On 18/01/2018 23:25, Andy Lutomirski wrote:
> On Thu, Jan 18, 2018 at 11:08 AM, Andrea Arcangeli <aarcange@redhat.com> wrote:
>> On Thu, Jan 18, 2018 at 12:24:31PM -0600, Josh Poimboeuf wrote:
>>> On Thu, Jan 18, 2018 at 06:12:36PM +0100, Paolo Bonzini wrote:
>>>> On 18/01/2018 18:08, Dave Hansen wrote:
>>>>> On 01/18/2018 08:37 AM, Josh Poimboeuf wrote:
>>>>>>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>>>>>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>>>>>>> @@ -3932,6 +3932,7 @@
>>>>>>>                         retpoline         - replace indirect branches
>>>>>>>                         retpoline,generic - google's original retpoline
>>>>>>>                         retpoline,amd     - AMD-specific minimal thunk
>>>>>>> +                       ibrs              - Intel: Indirect Branch Restricted Speculation
>>>>>> Are there plans to add spectre_v2=ibrs_always to prevent SMT-based
>>>>>> attacks?
>>>>> What does "ibrs_always" mean to you?
>>> Maybe ibrs_always isn't the best name.  Basically we need an option to
>>> protect user-user attacks via SMT.
>>>
>>> It could be implemented with IBRS=1, or STIBP, or as part of the
>>> mythical IBRS_ATT.
>> User stibp or user ibrs would be different things, both would be valid
>> for different use cases, and the user stibp should perform better.
>>
>> Leaving ibrs on when returning from kernel to userland (or setting
>> ibrs if kernel used retpolines instead of ibrs) achieves stronger
>> semantics than just setting SPEC_CTRL with stibp when returning to
>> userland.
> I read the whitepaper that documented the new MSRs a couple days ago
> and I'm now completely unable to find it.  If anyone could send the
> link, that would be great.

https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

~Andrew