Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes

From: Thomas Gleixner
Date: Mon Nov 19 2018 - 19:02:41 EST

Next message: Tim Chen: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
Previous message: Thomas Gleixner: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
In reply to: Jiri Kosina: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
Next in thread: Tim Chen: "[Patch v5 13/16] security: Update speculation restriction of a process when modifying its dumpability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 20 Nov 2018, Jiri Kosina wrote:
> On Mon, 19 Nov 2018, Dave Hansen wrote:
>
> > > What? IBPB makes tons of sense even without STIBP.
> >
> > I'm lost. :)
> >
> > I don't think anyone is talking about using STIBP *everywhere* that IBPB
> > is in-use.
> >
> > We're just guessing that, if anybody is paranoid enough to ask for IBPB,
> > *and* they have SMT, they almost certainly want STIBP too.
>
> I think you are not lost :) and this is exactly what makes sense, and what
> Tim's patchset implements.

Tries to implement perhaps. Unless IBPB is never available when STIBP is
not available, but according to documentation that's unlikely because STIBP
can be unset when the CPU does not support HT at all.

Thanks,

tglx

Next message: Tim Chen: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
Previous message: Thomas Gleixner: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
In reply to: Jiri Kosina: "Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes"
Next in thread: Tim Chen: "[Patch v5 13/16] security: Update speculation restriction of a process when modifying its dumpability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]