Re: Re: STIBP by default.. Revert?

From: Arjan van de Ven
Date: Sun Nov 18 2018 - 18:04:29 EST

Next message: Sasha Levin: "Re: [PATCH v8 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()"
Previous message: Jiri Kosina: "Re: STIBP by default.. Revert?"
In reply to: Jiri Kosina: "Re: STIBP by default.. Revert?"
Next in thread: Jiri Kosina: "Re: Re: STIBP by default.. Revert?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/19/2018 6:00 AM, Linus Torvalds wrote:

On Sun, Nov 18, 2018 at 1:49 PM Jiri Kosina <jikos@xxxxxxxxxx> wrote:

So why do that STIBP slow-down by default when the people who *really*
care already disabled SMT?

BTW for them, there is no impact at all.

Right. People who really care about security and are anal about it do
not see *any* advantage of the patch.

In the documentation, AMD officially recommends against this by default, and I can
speak for Intel that our position is that as well: this really must not be on by default.

STIBP and its friends are there as tools, and were created early on as big hammers because
that is all that one can add in a microcode update.. expensive big hammers.

In some ways it's analogous to the "disable caches" bit in CR0. sure it's there as a big hammer,
but you don't set that always just because caches could be used for a side channel

Using these tools much more surgically is fine, if a paranoid task wants it for example,
or when you know you are doing a hard core security transition. But always on? Yikes.

Next message: Sasha Levin: "Re: [PATCH v8 08/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit()"
Previous message: Jiri Kosina: "Re: STIBP by default.. Revert?"
In reply to: Jiri Kosina: "Re: STIBP by default.. Revert?"
Next in thread: Jiri Kosina: "Re: Re: STIBP by default.. Revert?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]