Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

From: Andi Kleen
Date: Tue Jan 23 2018 - 18:22:50 EST

Next message: Jiri Kosina: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Previous message: Andi Kleen: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
In reply to: Woodhouse, David: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Next in thread: Tim Chen: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 23, 2018 at 11:14:36PM +0000, Woodhouse, David wrote:
> On Tue, 2018-01-23 at 14:49 -0800, Andi Kleen wrote:
> > > Not sure. Maybe to start, the answer might be to allow it to be set for
> > > the ultra-paranoid, but in general don't enable it by default. Having it
> > > enabled would be an alternative to someone deciding to disable SMT, since
> > > that would have even more of a performance impact.
> >
> > I agree. A reasonable strategy would be to only enable it for
> > processes that have dumpable disabled. This should be already set for
> > high value processes like GPG, and allows others to opt-in if
> > they need to.
>
> That seems to make sense, and I think was the solution we were
> approaching for IBPB on context switch too, right?

Right.

-Andi

Next message: Jiri Kosina: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
Previous message: Andi Kleen: "Re: [PATCH v8 04/12] x86/spectre: Add boot time option to select Spectre v2 mitigation"
In reply to: Woodhouse, David: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Next in thread: Tim Chen: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]