From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tim.c.chen@linux.intel.com>
X-Google-Smtp-Source: AH8x224z2Ek0QLT8NCXEeV1VJZLlxHBNKY1vKE8fk2WDs9+CRIThXQFBwG7AsPr5812DFQBGjhNQ
ARC-Seal: i=1; a=rsa-sha256; t=1516754877; cv=none;
        d=google.com; s=arc-20160816;
        b=GVnx/hZpwlhMboSdTn74NiAwbRtcQ8i+j2PHbtJyGvf2q9FQKCBDeScTypeUV8kySw
         mG65Pe1gxtCggQJR2maZZ1VQD5wRk2Tgp3nbuLl5ocNuOtP/P9A8Of/dx3AQvQu54EDX
         PE1pT8we/BAlytUfWavFTEmk3raiQussavgx11G8H3ArFkgoziW8q58TVd3MnQ1ItSBg
         CQd3YfsB1MOfK9apK5u6DbXaS1CJvjmUGEIILO+oQEO00JQYUejZT/N4ZLYclVaATPVW
         KneykZyGft8ZOH0780D3ZIaCKEPBMnipYjFp/TXRMGLLRiyq2P2ZjKwHR18JKthlCxA2
         0VIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:cc:to:subject
         :arc-authentication-results;
        bh=4TSF8RskWBXyXcdafLT2ajDqLUlpENRfF6CjmCMac4U=;
        b=qgAmmoWWFZHZmGfkvaDbGGvVbPl4bmhx0Zt8sQ/02rrH45WuDj1MJQ5rcVehQ9uM5b
         EdVH4YD45uMzb4Bgt6QjGaqjfBgOOwPimGyqQ0hMNeW5gFApURzI8LsAZSoz9hQJNgye
         ZdK+7TIAYrtYAcG2tGSxdvcZet9tIxNUMhb0xuqabBf323esuyO5W6E3hNR/jAsJSRjP
         WtTRBnEQF3B28AZLQ8xVyVmO/4WM1TA3/E0jfF5sfoZ7EpK+H0K3VfSPEqWbDoW3P6ZR
         MGH8RvYE0tWGoLn0+LBJM6CLITE2RSphVw/VXG85nD1jQAfJ05jpwTHceCzW8Ori9tgF
         gn4g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of tim.c.chen@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=tim.c.chen@linux.intel.com
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of tim.c.chen@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=tim.c.chen@linux.intel.com
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,404,1511856000";
   d="scan'208";a="12979898"
Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict
 Indirect Branch Speculation
To: "Woodhouse, David" <dwmw@amazon.co.uk>, Andi Kleen <ak@linux.intel.com>,
 Tom Lendacky <thomas.lendacky@amd.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
 KarimAllah Ahmed <karahmed@amazon.de>, linux-kernel@vger.kernel.org,
 Andrea Arcangeli <aarcange@redhat.com>, Andy Lutomirski <luto@kernel.org>,
 Arjan van de Ven <arjan@linux.intel.com>, Ashok Raj <ashok.raj@intel.com>,
 Asit Mallick <asit.k.mallick@intel.com>, Borislav Petkov <bp@suse.de>,
 Dan Williams <dan.j.williams@intel.com>, Dave Hansen
 <dave.hansen@intel.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 "H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
 Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
 Joerg Roedel <joro@8bytes.org>, Jun Nakajima <jun.nakajima@intel.com>,
 Laura Abbott <labbott@redhat.com>,
 Linus Torvalds <torvalds@linux-foundation.org>,
 Masami Hiramatsu <mhiramat@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>,
 Peter Zijlstra <peterz@infradead.org>, =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?=
 <rkrcmar@redhat.com>, Thomas Gleixner <tglx@linutronix.de>,
 kvm@vger.kernel.org, x86@kernel.org,
 Arjan Van De Ven <arjan.van.de.ven@intel.com>
References: <1516476182-5153-1-git-send-email-karahmed@amazon.de>
 <1516476182-5153-10-git-send-email-karahmed@amazon.de>
 <243BE571-AF73-44B3-8D17-193F9E07686A@amacapital.net>
 <4e01a7a9-29e4-adcc-3f53-550fb7f3d370@amd.com>
 <1516724457.9521.156.camel@amazon.co.uk>
 <fb2b5589-e14c-470e-2de0-d9da1667bace@amd.com>
 <20180123224956.GQ7844@tassilo.jf.intel.com>
 <1516749276.13558.25.camel@amazon.co.uk>
From: Tim Chen <tim.c.chen@linux.intel.com>
Message-ID: <cac69284-e76f-6081-62db-adb4dc123045@linux.intel.com>
Date: Tue, 23 Jan 2018 16:47:36 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.1.0
MIME-Version: 1.0
In-Reply-To: <1516749276.13558.25.camel@amazon.co.uk>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590140582166248265?=
X-GMAIL-MSGID: =?utf-8?q?1590432762648697917?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On 01/23/2018 03:14 PM, Woodhouse, David wrote:
> On Tue, 2018-01-23 at 14:49 -0800, Andi Kleen wrote:
>>> Not sure.  Maybe to start, the answer might be to allow it to be set for
>>> the ultra-paranoid, but in general don't enable it by default.  Having it
>>> enabled would be an alternative to someone deciding to disable SMT, since
>>> that would have even more of a performance impact.
>>
>> I agree. A reasonable strategy would be to only enable it for
>> processes that have dumpable disabled. This should be already set for
>> high value processes like GPG, and allows others to opt-in if
>> they need to.
> 
> That seems to make sense, and I think was the solution we were
> approaching for IBPB on context switch too, right?
> 
> Are we generally agreed on dumpable as the criterion for both of those?
> 

It is a reasonable approach.  Let a process who needs max security
opt in with disabled dumpable. It can have a flush with IBPB clear before
starting to run, and have STIBP set while running.

Tim