Re: [PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation

Thu, 13 Sep 2018 07:54:43 -0700 

On 09/12/2018 04:26 PM, Tim Chen wrote:
> On 09/12/2018 10:16 AM, Tom Lendacky wrote:
>>
>>
>> On 09/11/2018 04:16 PM, Thomas Gleixner wrote:
>>> On Tue, 11 Sep 2018, Tim Chen wrote:
>>>> On 09/10/2018 04:46 AM, Jiri Kosina wrote:
>>>>> Nah, IBPB is actuall there, sorry. So I'll add reporting of STIBP + fixup 
>>>>> the missing reporting of RSB_CTXSW for v6.
>>>>>
>>>>
>>>> I anticipate that STIBP could affect workloads with a lot of indirect
>>>> branches (see previous discussion with Andrea).  We should have a 
>>>> knob for people to opt in or opt out of STIBP.
>>>
>>> Feel free to send a patch to that effect.
>>
>> Tim, are you planning on sending a patch for this?  If so, what type of
>> opt in/out are you thinking about, something similar to SSBD?
>>
> 
> I'm working on a patch for choosing the Spectre v2 app to app
> mitigation option.
> 
> Something like the following:
> 
> enum spectre_v2_app2app_mitigation {
>         SPECTRE_V2_APP2APP_NONE,
>         SPECTRE_V2_APP2APP_LITE,
>         SPECTRE_V2_APP2APP_IBPB,
>         SPECTRE_V2_APP2APP_STIBP,
>         SPECTRE_V2_APP2APP_STRICT,
> };
> 
> static const char *spectre_v2_app2app_strings[] = {
>         [SPECTRE_V2_APP2APP_NONE]               = "App-App Vulnerable",
>         [SPECTRE_V2_APP2APP_LITE]               = "App-App Mitigation: 
> Protect only non-dumpable process",
>         [SPECTRE_V2_APP2APP_IBPB]               = "App-App Mitigation: 
> Protect app against attack from same cpu",
>         [SPECTRE_V2_APP2APP_STIBP]              = "App-App Mitigation: 
> Protect app against attack from sibling cpu",
>         [SPECTRE_V2_APP2APP_STRICT]             = "App-App Mitigation: Full 
> app to app attack protection",
> };
> 
> So the APP2APP_LITE protection's intention is to turn on STIBP and IBPB for 
> non-dumpable
> process.  But in my first version I may limit it to IBPB as choosing
> STIBP based on process characteristics will require some frobbing of
> the flags as what we've done in SSBD.  That will require more careful
> work and tests.
> 
> The STRICT option will turn STIBP on always and IBPB always on
> non-ptraceable context switches.
> 
> Is this something reasonable?
> 
> Tom, if you already have a patch, feel free to post.

No, I don't have anything.  I just like the idea of opt in/out for STIBP
and thought it should be similar to SSBD to provide consistency.

Thanks,
Tom

> 
> Tim
>

Reply via email to