Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode

From: Arjan van de Ven
Date: Tue Dec 04 2018 - 04:46:41 EST

Next message: David Hildenbrand: "Re: [PATCH RFCv2 3/4] mm/memory_hotplug: Introduce and use more memory types"
Previous message: Lorenzo Pieralisi: "Re: [PATCH 05/12] PCI: aardvark: add suspend to RAM support"
In reply to: Arjan van de Ven: "Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode"
Next in thread: Linus Torvalds: "Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On processors with enhanced IBRS support, we recommend setting IBRS to 1
and left set.

Then why doesn't CPU with EIBRS support acutally *default* to '1', with
opt-out possibility for OS?

(slightly longer answer)

you can pretty much assume that on these CPUs, IBRS doesn't actually do anything
(e.g. just a scratch bit)

we could debate (and did :-)) for some time what the default value should be at boot,
but it kind of is one of those minor issues that should not hold up getting things out.

it could well be that the cpus that do this will ship with 1 as default, but it's hard to
guarantee across many products and different CPU vendors when time was tight.

Next message: David Hildenbrand: "Re: [PATCH RFCv2 3/4] mm/memory_hotplug: Introduce and use more memory types"
Previous message: Lorenzo Pieralisi: "Re: [PATCH 05/12] PCI: aardvark: add suspend to RAM support"
In reply to: Arjan van de Ven: "Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode"
Next in thread: Linus Torvalds: "Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]