From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <peterz@infradead.org>
X-Google-Smtp-Source: AH8x2275WQiMpV5VmMbcgyrI345OyhtGtfA20C27br+GaUcb7YjKONlsOrPMkcenE1iFxgtM31uD
ARC-Seal: i=1; a=rsa-sha256; t=1516533772; cv=none;
        d=google.com; s=arc-20160816;
        b=tL7qI6dIPAIt86kOVFBg8uZFhc1ScLmqUx0oTOFufHff0QvAjO6I1j6JFFiQJqSpvK
         Zkn0RmX9jSnxqAWmlF//oWde7xRJEGwB3yiI1zS4DU7gLWX2gV21QUQOYBReld481+l4
         UwUMwcM6dsEWKG+amv1Pf7mzKC8Yb2nYomZ+t6LwABV8Is/qivK2pwick4oSPv1TVgGl
         lmtOkwcOME8ldNQywSSuGng/lVvyc4i9hk4fcZbVfYp0jD4jFVvjGGWGpD5sBoR2fnxc
         liRoWu/msBNH2yash/wFl8A0X4dbwntuL+3dHmdU8b5VOf0LcQ709AwhKFmpF5iheFk+
         6U7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=WuxfUlMmHpTRh5pM+BBhnAVBIwFUj4zlM0rBExujP9A=;
        b=eERgeUNDx8BjDaQTq6elEa77ips83LKveLWB7Qb/DdbHxKkw7vWfOrRUb9K8fLLfr9
         Byq/ViPxzWUbtwjkSWwI/DhUSqN+mrq+V1qXT9nXTMUyba8T12+ek/9CYAHazSNxtqv1
         viaKhEN5FwAkwSpjX++nxgw0OkSqKWaEtFxUeppaOJVHqgugj3gQqRDz2oEb0P2Cyjhi
         S1f1pEI6YhBk5oMTtYlRzI21sdLt0/XsrUeqk/VTruZD5d6x8kpxRyLL8hACns+BS7lj
         SE9gREdcqtBvuGG4Pf7Lb6DQdLLhGf9PwBIDnAxbu5ahNalcnqC+0/uEuL4m0FBr5VUR
         hd7A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY;
       spf=pass (google.com: best guess record for domain of peterz@infradead.org designates 205.233.59.134 as permitted sender) smtp.mailfrom=peterz@infradead.org
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=merlin.20170209 header.b=keSpIyVY;
       spf=pass (google.com: best guess record for domain of peterz@infradead.org designates 205.233.59.134 as permitted sender) smtp.mailfrom=peterz@infradead.org
Date: Sun, 21 Jan 2018 12:22:24 +0100
From: Peter Zijlstra <peterz@infradead.org>
To: KarimAllah Ahmed <karahmed@amazon.de>
Cc: linux-kernel@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	Asit Mallick <asit.k.mallick@intel.com>,
	Borislav Petkov <bp@suse.de>,
	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
	Joerg Roedel <joro@8bytes.org>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Laura Abbott <labbott@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
	x86@kernel.org
Subject: Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching
 into non dumpable process
Message-ID: <20180121112224.GH2269@hirez.programming.kicks-ass.net>
References: <1516476182-5153-1-git-send-email-karahmed@amazon.de>
 <1516476182-5153-5-git-send-email-karahmed@amazon.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1516476182-5153-5-git-send-email-karahmed@amazon.de>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590140567714479425?=
X-GMAIL-MSGID: =?utf-8?q?1590200916461362046?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Sat, Jan 20, 2018 at 08:22:55PM +0100, KarimAllah Ahmed wrote:
> From: Tim Chen <tim.c.chen@linux.intel.com>
> 
> Flush indirect branches when switching into a process that marked
> itself non dumpable.  This protects high value processes like gpg
> better, without having too high performance overhead.

So if I understand it right, this is only needed if the 'other'
executable itself is susceptible to spectre. If say someone audited gpg
for spectre-v1 and build it with retpoline, it would be safe to not
issue the IBPB, right?

So would it make sense to provide an ELF flag / personality thing such
that userspace can indicate its spectre-safe?

I realize that this is all future work, because so far auditing for v1
is a lot of pain (we need better tools), but would it be something that
makes sense in the longer term?