From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: x86@kernel.org, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@kernel.org>, Linus Torvalds <torvalds@linux-foundation.org>, Jiri Kosina <jkosina@suse.cz>, Tom Lendacky <thomas.lendacky@amd.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Andrea Arcangeli <aarcange@redhat.com>, David Woodhouse <dwmw@amazon.co.uk>, Andi Kleen <ak@linux.intel.com>, Dave Hansen <dave.hansen@intel.com>, Casey Schaufler <casey.schaufler@intel.com>, Asit Mallick <asit.k.mallick@intel.com>, Arjan van de Ven <arjan@linux.intel.com>, Jon Masters <jcm@redhat.com>, Waiman Long <longman9394@gmail.com>, Greg KH <gregkh@linuxfoundation.org>, Dave Stewart <david.c.stewart@intel.com>, Kees Cook <keescook@chromium.org>
Subject: [patch 00/24] x86/speculation: Remedy the STIBP/IBPB overhead
Date: Wed, 21 Nov 2018 21:14:30 +0100
Message-ID: <20181121201430.559770965@linutronix.de>

This is based on Tim Chen's V5 patch series. The following changes have
been made:

  - Control STIBP evaluation with a single static key

  - Move IBPB out from switch_mm() into switch_to() and control the always
    and the conditional mode with static keys.

    The mainline implementation is wrong in a few aspects, e.g. it fails
    to protect tasks within the same process, which breaks sandboxing.
    That same process optimization was the sole reason to have it in
    switch_mm().

    The new always mode is just issuing the barrier unconditionally when
    switching to a user task, but that also leaves STIBP always on. So
    really paranoid people get the highest possible protection and the
    highest overhead.

    The conditional mode issues the barrier when a task which is mitigated
    is scheduling out or scheduling in. That is required to support proper
    sandboxing.

  - Remove the ptrace_may_access_sched() code as it's unused now. It was
    ugly anyway and would have given people ideas how to slow down
    switch_mm() some more.

  - Rename TIF_STIBP to TIF_SPEC_IB because it controls both STIBP and IBPB.

  - Fix all the corner cases vs. UP and SMT disabled.

  - Limit the overhead when conditional STIBP is not enabled so
    switch_to_xtra() is not invoked for nothing when the TIF bit would
    trigger the entry and nothing else is to do. That can happen when SMT
    is off and a task has the TIF bit set. On UP STIBP is never enabled.

  - Dropped the dumpable part

TODO: Write documentation

It's available from git:

  git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86/pti

It's based on the x86/pti branch unfortunately, which contains the removal
of the minimal asm retpoline hackery. I noticed too late. If the minimal
asm stuff should not be backported it's trivial to rebase that series on
Linus tree.

Thanks,

	tglx
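The cover letter's argument for moving IBPB from switch_mm() to switch_to(), as an added model that is not part of the patch series or the kernel: a switch_mm()-based barrier that skips same-address-space switches never covers a mitigated thread and its sibling in the same process, while the series' conditional mode keys the decision on the tasks involved. struct task, ibpb_mode and the constructed tasks are hypothetical names; the kernel expresses this with static keys, TIF_SPEC_IB and __switch_to_xtra().

```c
/* Added example, not part of the patch series or the kernel: a model of the
 * IBPB decision the cover letter describes. struct task, ibpb_mode and the
 * constructed tasks are hypothetical names; the kernel expresses this with
 * static keys, TIF_SPEC_IB and __switch_to_xtra(). */
#include <stdbool.h>
#include <stdio.h>
enum ibpb_mode { IBPB_OFF, IBPB_ALWAYS, IBPB_COND };

struct task {
	int  mm_id;    /* address space (process) the task runs in */
	bool spec_ib;  /* TIF_SPEC_IB: task has requested IB mitigation */
	bool kernel;   /* kernel thread, never a user task */
};

/* Mainline placement in switch_mm(): the barrier is skipped whenever the
 * address space does not change, so threads of one process never get it. */
static bool ibpb_switch_mm(const struct task *prev, const struct task *next)
{
	return prev->mm_id != next->mm_id && !next->kernel;
}

/* Placement of the series in switch_to(): always mode issues the barrier on
 * every switch to a user task; conditional mode issues it when the task
 * scheduling out or the task scheduling in is mitigated (modelled here as
 * restricted to user tasks as well). */
static bool ibpb_switch_to(enum ibpb_mode mode, const struct task *prev,
			   const struct task *next)
{
	if (next->kernel)
		return false;
	switch (mode) {
	case IBPB_ALWAYS: return true;
	case IBPB_COND:   return prev->spec_ib || next->spec_ib;
	default:          return false;
	}
}

/* Constructed tasks: a mitigated sandbox thread and an unmitigated sibling
 * in the same process, a task in another process, and a kernel thread. */
static const struct task sandbox_task = { .mm_id = 7, .spec_ib = true,  .kernel = false };
static const struct task sibling_task = { .mm_id = 7, .spec_ib = false, .kernel = false };
static const struct task other_task   = { .mm_id = 9, .spec_ib = false, .kernel = false };
static const struct task kthread      = { .mm_id = 0, .spec_ib = false, .kernel = true  };

int main(void)
{
	/* 0: the switch_mm() model leaves the sibling unprotected; 1: conditional mode issues the barrier */
	printf("switch_mm model: %d\n", ibpb_switch_mm(&sandbox_task, &sibling_task));
	printf("switch_to cond:  %d\n", ibpb_switch_to(IBPB_COND, &sandbox_task, &sibling_task));
	return 0;
}
```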