From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25019C04EB8 for ; Tue, 4 Dec 2018 09:46:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DDC162082D for ; Tue, 4 Dec 2018 09:46:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DDC162082D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726060AbeLDJqi (ORCPT ); Tue, 4 Dec 2018 04:46:38 -0500 Received: from mga02.intel.com ([134.134.136.20]:39218 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725613AbeLDJqi (ORCPT ); Tue, 4 Dec 2018 04:46:38 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Dec 2018 01:46:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,313,1539673200"; d="scan'208";a="115808453" Received: from avandeve-mobl.amr.corp.intel.com (HELO [10.251.82.99]) ([10.251.82.99]) by orsmga001.jf.intel.com with ESMTP; 04 Dec 2018 01:46:32 -0800 Subject: Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode To: Jiri Kosina , Tim Chen Cc: Linus Torvalds , Thomas Gleixner , Linux List Kernel Mailing , the arch/x86 maintainers , Peter Zijlstra , Andrew Lutomirski , thomas.lendacky@amd.com, Josh Poimboeuf , Andrea Arcangeli , David Woodhouse , Andi Kleen , dave.hansen@intel.com, Casey Schaufler , "Mallick, Asit K" , jcm@redhat.com, longman9394@gmail.com, Greg KH , david.c.stewart@intel.com, Kees Cook , Jason Brandt References: <20181125183328.318175777@linutronix.de> <20181125185006.051663132@linutronix.de> From: Arjan van de Ven Message-ID: Date: Tue, 4 Dec 2018 10:46:31 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >> On processors with enhanced IBRS support, we recommend setting IBRS to 1 >> and left set. > > Then why doesn't CPU with EIBRS support acutally *default* to '1', with > opt-out possibility for OS? (slightly longer answer) you can pretty much assume that on these CPUs, IBRS doesn't actually do anything (e.g. just a scratch bit) we could debate (and did :-)) for some time what the default value should be at boot, but it kind of is one of those minor issues that should not hold up getting things out. it could well be that the cpus that do this will ship with 1 as default, but it's hard to guarantee across many products and different CPU vendors when time was tight.