On 10/02/2018 12:10 PM, Thomas Gleixner wrote:
> On Tue, 25 Sep 2018, Tim Chen wrote:
>
>> This patch provides an application property based spectre_v2
>
> # git grep 'This patch' Documentation/process/
>
>> protection with STIBP against attack from another app from
>
> s/app/application/ please. This is not android.
>
>> a sibling hyper-thread. For security sensitive non-dumpable
>> app, STIBP will be turned on before switching to it for Intel
>> processors vulnerable to spectre_v2.
>
> What has this to do with Intel processors?
>
>> -static __always_inline void intel_set_ssb_state(unsigned long tifn)
>> +static __always_inline void set_spec_ctrl_state(unsigned long tifn)
>> {
>> - u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
>> + u64 msr = x86_spec_ctrl_base;
>> +
>> + if (static_cpu_has(X86_FEATURE_SSBD))
>> + msr |= ssbd_tif_to_spec_ctrl(tifn);
>> +
>> + if (cpu_smt_control == CPU_SMT_ENABLED)
>> + msr |= stibp_tif_to_spec_ctrl(tifn);
>
> Oh no. We are not adding yet another conditional into switch to. Either
> that's done unconditionally or this wants to have a static key.

Okay, will add a static_key to indicate that SMT is in use.

Tim

>
>> wrmsrl(MSR_IA32_SPEC_CTRL, msr);
>
> Thanks,
>
> tglx
>
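
Review bot: In set_spec_ctrl_state(), the STIBP bit is ORed into msr behind only the `cpu_smt_control == CPU_SMT_ENABLED` test, while the SSBD bit just above it is gated on `static_cpu_has(X86_FEATURE_SSBD)`; nothing in these lines shows that stibp_tif_to_spec_ctrl(tifn) can only return a nonzero bit on a CPU that supports STIBP. Either gate it on the corresponding feature check as well or fold both conditions into the static key, so the wrmsrl() of MSR_IA32_SPEC_CTRL never carries a bit the CPU does not implement. The run-time comparison against cpu_smt_control also puts a global load and a branch on every call; a static branch that is flipped when the SMT state changes avoids that. A short comment above the function saying which bits it may set would help now that the name no longer says SSB.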