Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

2021-01-20 Thread Anand K. Mistry
> > This proposal attempts to reduce that cost by letting the system > > developer choose whether to issue the IBPB on entry or exit of an IB > > speculation disabled process (default is both, which is current > > behaviour). Documentation/admin-guide/hw-vuln/spectre.rst documents two > > mitigatio

Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

2021-01-20 Thread Anand K. Mistry
> > > > Signed-off-by: Anand K Mistry > > Signed-off-by: Anand K Mistry > > Two SoBs by you, why? Tooling issues probably. Not intentional. > > > --- > > Background: > > IBPB is slow on some CPUs. > > > > More detailed background: > > On some CPUs, issuing an IBPB can cause the address space sw

Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

2021-01-13 Thread Josh Poimboeuf
On Wed, Jan 13, 2021 at 07:47:19PM +1100, Anand K Mistry wrote: > When IB speculation is conditionally disabled for a process (via prctl() > or seccomp), IBPB is issued whenever that process is switched to/from. > However, this results more IBPBs than necessary. The goal is to protect > a victim pr

Re: [RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

2021-01-13 Thread Borislav Petkov
On Wed, Jan 13, 2021 at 07:47:19PM +1100, Anand K Mistry wrote: > When IB speculation is conditionally disabled for a process (via prctl() > or seccomp), IBPB is issued whenever that process is switched to/from. > However, this results more IBPBs than necessary. The goal is to protect > a victim pr

[RFC PATCH] x86/speculation: Add finer control for when to issue IBPB

2021-01-13 Thread Anand K Mistry
When IB speculation is conditionally disabled for a process (via prctl() or seccomp), IBPB is issued whenever that process is switched to/from. However, this results more IBPBs than necessary. The goal is to protect a victim process from an attacker poisoning the BTB by issuing IBPB in the attacker