From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
Received: from mga07.intel.com ([134.134.136.100])
 by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
 (Exim 4.80)
 (envelope-from )
 id 1fEdBs-0007BC-5Q
 for speck@linutronix.de; Fri, 04 May 2018 18:04:12 +0200
Date: Fri, 4 May 2018 09:04:08 -0700
From: Andi Kleen
Subject: [MODERATED] Re: [PATCH 3/5] SSB extra 1
Message-ID: <20180504160408.GG75137@tassilo.jf.intel.com>
References: =?utf-8?q?=3Cd4ffdf?=
 =?utf-8?q?50f25bca207b3942fc4a390d2273487517=2E1525383411=2Egit=2Edave=2E?=
 =?utf-8?q?hansen=40intel=2Ecom=3E?=
 <1bf0c44d-c972-2c2e-5d90-4f51b8f2c4c9@linux.intel.com>
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

> > Ahhh, that's an interesting point. Are you thinking that we add a BPF
> > "instruction" to enable or disable the mitigations, and then have the
> > verifier insert it as the first instruction and then before any exit
> > instructions? Is there some precedent for doing this?
>
> Dunno, but it would be the obvious thing to do I think.

Other option would be a preempt notifier migrating the SSB state?

-Andi