Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

From: Anand K. Mistry
Date: Wed Jan 20 2021 - 09:23:28 EST


> > This proposal attempts to reduce that cost by letting the system
> > developer choose whether to issue the IBPB on entry or exit of an IB
> > speculation disabled process (default is both, which is current
> > behaviour). Documentation/admin-guide/hw-vuln/spectre.rst documents two
> > mitigation strategies that use conditional IBPB:
> > "Protect sensitive programs", and "Sandbox untrusted programs".
>
> Why make the setting system-wide? Shouldn't this decision be made on a
> per-task basis, depending on whether the task is sensitive or untrusted?

It definitely could be. I didn't give it as much thought since for me,
the entire system uses a "sandbox" approach, so the behaviour would
apply to any IB spec disabled process. And conversely, any system
taking the "sensitive programs" approach would also expect the same
behaviour from all processes.

I'm open to making it per-process. It's just that making it
system-wide seemed to "fit" with the documented mitigation strategies,
and it's what I would use in production.
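
For reference, an added example (not part of this message or of the RFC patch) showing how a task becomes an "IB speculation disabled process" today, through the existing per-task `prctl(2)` speculation-control interface. The helper names are hypothetical, and the result depends on the CPU and on the kernel's spectre_v2_user mode, so the set call may fail with an errno on some systems.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
/* Fallbacks with the kernel UAPI values, for older libc headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Decode a PR_GET_SPECULATION_CTRL result for the indirect-branch control. */
const char *ib_spec_describe(long v)
{
    if (v < 0)  return "query failed";
    if (v == 0) return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE) return "force-disabled";
    if (v & PR_SPEC_DISABLE)       return "disabled";
    return "enabled";
}

/* 1 if the value marks an "IB speculation disabled" task, else 0. */
int ib_spec_disabled(long v)
{
    return v > 0 && (v & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) != 0;
}

/* Opt the calling task in; returns 0 on success or a negative errno. */
int ib_spec_disable_self(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    int rc = ib_spec_disable_self();
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    printf("before: %s, set rc: %d, after: %s\n",
           ib_spec_describe(before), rc, ib_spec_describe(after));
    return 0;
}
```

The opt-in is per task, while the choice of issuing IBPB on entry, exit or both is the system-wide setting the RFC proposes.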