public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Andrea Arcangeli <aarcange@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linuxfoundation.org>,
	x86@kernel.org, Borislav Petkov <bp@alien8.de>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan Van De Ven <arjan.van.de.ven@intel.com>
Subject: Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code
Date: Wed, 10 Jan 2018 14:02:02 +0100	[thread overview]
Message-ID: <20180110130202.GI9706@redhat.com> (raw)
In-Reply-To: <1515588673.22302.139.camel@infradead.org>

On Wed, Jan 10, 2018 at 12:51:13PM +0000, David Woodhouse wrote:
> If it worked as Andrea suggests, then there would be absolutely no
> point in the patches we've seen which add the IBRS-frobbing on syscall
> entry and vmexit.

This is perhaps what you're missing I think, there is a huge point:
performance.

ibrs_enabled 1 ibpb_enabled 1 is much faster than ibrs_enabled 2
ibpb_enabled 1.

The current IBRS is disabling IBP, it can't do the "finegrined" thing
that leaves IBP speculation enabled.

Kernel is not a 100% C++ virtual template, so for kernel IBRS enabled
is not as a big deal as userland with IBRS enabled.

Once the new CPUid bit will be set it'll tell us IBRS is really
restricting speculation in a finegrined way with all privilege levels
ordered, so it simply tells is ibrs_enabled 2 ibpb_enabled 1 will be
faster than ibrs_enabled 1 ibpb_enabled 1, so the only thing we've to
do with the new CPUID bit you're talking about from the future, is to
change the default to ibrs_enabled 2 and it'll perform even better
with zero overhead in kernel entry points.

We already optimized for the future silicon, we've only to add a tweak
to detect cpuid and set the default ibrs_enabled to 2.

> The "IBRS all the time" feature is something we get on *future*
> hardware, not current hardware.

No, for current hardware it's the most secure option available and
required in fact if you want to fix guest userland attack on host
userland with math certainty which can matter for some customer.

  reply	other threads:[~2018-01-10 13:02 UTC|newest]

Thread overview: 64+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-10  1:06 [patch RFC 0/5] x86/spectre_v2: Initial integration of IBRS into the spectre_v2 mechanics Thomas Gleixner
2018-01-10  1:06 ` [patch RFC 1/5] x86/CPU: Sync CPU feature flags late Thomas Gleixner
2018-01-10  1:37   ` Dave Hansen
2018-01-10  1:39     ` Van De Ven, Arjan
2018-01-10  1:47       ` Thomas Gleixner
2018-01-10  2:57         ` Andy Lutomirski
2018-01-10 11:02           ` Thomas Gleixner
2018-01-10  1:44     ` Thomas Gleixner
2018-01-10  6:20     ` Ingo Molnar
2018-01-10 11:33       ` Borislav Petkov
2018-01-10 12:38         ` Thomas Gleixner
2018-01-10  1:06 ` [patch RFC 2/5] x86/spectre: Simplify spectre code a bit Thomas Gleixner
2018-01-10  6:22   ` Ingo Molnar
2018-01-10  1:06 ` [patch RFC 3/5] x86/spectre: Prepare for IBRS selection Thomas Gleixner
2018-01-10  1:51   ` Dave Hansen
2018-01-10  1:06 ` [patch RFC 4/5] x86/cpufeatures: Detect Speculation control feature Thomas Gleixner
2018-01-10  6:32   ` Ingo Molnar
2018-01-10 11:06     ` Thomas Gleixner
2018-01-10  1:06 ` [patch RFC 5/5] x86/speculation: Add basic speculation control code Thomas Gleixner
2018-01-10  2:02   ` Dave Hansen
2018-01-10  4:11     ` Justin Forbes
2018-01-10  9:22     ` Peter Zijlstra
2018-01-10  9:27       ` David Woodhouse
2018-01-10 10:03         ` Peter Zijlstra
2018-01-10 11:22           ` David Woodhouse
2018-01-10 11:41             ` Thomas Gleixner
2018-01-10 11:45             ` Peter Zijlstra
2018-01-10 11:54         ` Andrea Arcangeli
2018-01-10 11:58           ` David Woodhouse
2018-01-10 12:01             ` Andrea Arcangeli
2018-01-10 12:07               ` Andrea Arcangeli
2018-01-10 12:12                 ` David Woodhouse
2018-01-10 12:20                   ` Andrea Arcangeli
2018-01-10 12:27                     ` Andrea Arcangeli
2018-01-10 13:42                     ` Van De Ven, Arjan
2018-01-10 12:09               ` David Woodhouse
2018-01-10 12:17                 ` Andrea Arcangeli
2018-01-10 12:29                   ` David Woodhouse
2018-01-10 12:41                     ` Andrea Arcangeli
2018-01-10 12:47                       ` Jiri Kosina
2018-01-10 12:51                         ` David Woodhouse
2018-01-10 13:02                           ` Andrea Arcangeli [this message]
2018-01-10 13:05                             ` Andrea Arcangeli
2018-01-10 13:10                               ` Andrea Arcangeli
2018-01-10 13:12                                 ` Andrea Arcangeli
2018-01-10 12:57                         ` Andrea Arcangeli
2018-01-10 13:07                           ` David Woodhouse
2018-01-10 13:45                             ` Van De Ven, Arjan
2018-01-10 13:52                               ` Andrea Arcangeli
2018-01-10 13:53                                 ` Van De Ven, Arjan
2018-01-10 21:35                                   ` Tim Chen
2018-01-10 22:13                                     ` Andrea Arcangeli
2018-01-10 13:46                             ` Thomas Gleixner
2018-01-10 13:51                               ` Van De Ven, Arjan
2018-01-10 13:53                                 ` Thomas Gleixner
2018-01-10 13:58                               ` David Woodhouse
2018-01-10 14:10                               ` Andrea Arcangeli
2018-01-10 14:14                                 ` Van De Ven, Arjan
2018-01-10 14:59                                 ` Dave Hansen
2018-01-10 15:13                                   ` Andrea Arcangeli
2018-01-10 15:24                                     ` David Woodhouse
2018-01-10 15:47                                       ` Andrea Arcangeli
2018-01-10 15:56                                         ` David Woodhouse
2018-01-10 13:10                           ` Jiri Kosina

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180110130202.GI9706@redhat.com \
    --to=aarcange@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=arjan.van.de.ven@intel.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@intel.com \
    --cc=dwmw2@infradead.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=jikos@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=tim.c.chen@linux.intel.com \
    --cc=torvalds@linuxfoundation.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox