Date: Tue, 6 Nov 2018 00:04:34 +0100 (CET)
From: Thomas Gleixner
To: Tim Chen
Cc: Jiri Kosina, Tom Lendacky, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Andi Kleen, Dave Hansen, Casey Schaufler, Asit Mallick, Arjan van de Ven, Jon Masters, Waiman Long, LKML, x86@kernel.org, Kees Cook
Subject: Re: [Patch v4 17/18] x86/speculation: Update SPEC_CTRL MSRs of remote CPUs

Tim,

On Mon, 5 Nov 2018, Tim Chen wrote:

> How about sending an IPI if a remote CPU needs to have its SPEC_CTRL MSR
> updated?
>
> Something like the following to replace this patch?

...

> +static void spec_ctrl_update_func(void *info) > +{ > + speculation_ctrl_update(task_thread_info(current)->flags); > +} > + > static void set_task_stibp(struct task_struct *tsk, bool stibp_on) > { > bool update = false; > + int cpu; > > if (!static_branch_unlikely(&spectre_v2_app_lite)) > return;
> @@ -789,6 +795,12 @@ static void set_task_stibp(struct task_struct *tsk, bool stibp_on) > > if (tsk == current) > speculation_ctrl_update_current(); > + else { > + cpu = task_cpu(tsk); > + if (cpu != smp_processor_id()) > + smp_call_function_single(cpu, spec_ctrl_update_func, > + NULL, false); > + }

Aside from the condition being pointless in that case, that issues an IPI
whether the task is running or not. So this allows a task to issue tons of
async IPIs disturbing others by toggling the control.

I'm less and less convinced that piggybacking this on dumpable is a good
idea. It's lots of extra code and the security people are not really happy
about the whole thing either.

Can we please start out with the SSBD model and make use of the PRCTL and
the seccomp mitigation control?

Kees?

Thanks,

	tglx
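
Review bot: spec_ctrl_update_func() in the first quoted hunk has no comment saying that it runs on the target CPU in IPI context, where `current` is whatever task that CPU happens to be executing and not necessarily the tsk handed to set_task_stibp(). A short comment above the function stating that this is intended would save the next reader from suspecting a bug. The new `int cpu` is used only inside the else branch and could be declared there.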
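
Review bot: in the `@@ -789,6 +795,12 @@` hunk, the else branch samples task_cpu(tsk) without checking that tsk is executing on that CPU, and nothing visible in the hunk prevents tsk from migrating between that read and smp_call_function_single(), so the IPI can interrupt a CPU that is running an unrelated task. Consider sending it only when the task is confirmed to be running there. Separately, the return value of smp_call_function_single() is dropped, its wait argument is an int and is passed `false`, and kernel coding style wants braces on the `if (tsk == current)` branch once the `else` has them.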
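
For readers unfamiliar with the "SSBD model" referred to in the mail, this is what the existing per-task Speculative Store Bypass control looks like from userspace through prctl(); it is an added example, not code from the mail or from the patch series, and it shows the SSBD control only, not an interface for STIBP. The helper names spec_state() and ssbd_opt_in() are made up for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for older libc headers; values as in linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* Decode a PR_GET_SPECULATION_CTRL result (hypothetical helper). */
const char *spec_state(long st)
{
	if (st < 0)
		return "query failed";
	if (st == 0)                      /* PR_SPEC_NOT_AFFECTED */
		return "not affected";
	if (!(st & PR_SPEC_PRCTL))        /* no per-task control available */
		return (st & PR_SPEC_DISABLE) ? "mitigated system-wide"
					      : "vulnerable, no per-task control";
	if (st & PR_SPEC_FORCE_DISABLE)
		return "mitigated, cannot be re-enabled";
	return (st & PR_SPEC_DISABLE) ? "mitigated for this task"
				      : "not mitigated for this task";
}

/* Opt the calling task in to SSBD; returns the resulting state or -errno. */
long ssbd_opt_in(void)
{
	long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);

	if (st < 0)
		return -errno;
	if (!(st & PR_SPEC_PRCTL) || !(st & PR_SPEC_ENABLE))
		return st;                /* not controllable, or already off */
	if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS,
		  PR_SPEC_DISABLE, 0, 0) < 0)
		return -errno;
	st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
	return st < 0 ? -errno : st;
}

int main(void)
{
	printf("store bypass: %s\n", spec_state(ssbd_opt_in()));
	return 0;
}
```

In this model the task changes only its own state, and the change takes effect in the caller's context, so no cross-CPU notification is involved.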