Re: [patch 15/24] x86/speculation: Add command line control for indirect branch speculation

[Thomas Gleixner]

On Thu, 22 Nov 2018, Borislav Petkov wrote:
> On Thu, Nov 22, 2018 at 10:18:58AM +0100, Peter Zijlstra wrote:
> > Right; that retpoline + IBPB case is one that came up earlier when we
> > talked about this stuff. The IBPB also helps against app2app BTB ASLR
> > attacks. So even if you have userspace retpoline, you might still want
> > IBPB.
> > 
> > But yes, this should be relatively straight forward to allow/fix with
> > the proposed code.
> 
> So I got some feedback from AMD that IBPB on context switch has a
> small perf impact and they wouldn't mind it being enabled by default
> considering that it provides protection against a lot of attack
> scenarios. Basically, what the recommendation says.
> 
> But if we go and do opt-in, then they're fine with it being off by
> default if we decide to do it so in the kernel.

So one way to do this would be to have additional options:

   prctl,ibpb and seccomp,ibpb

which then would keep the STIBP stuff as proposed and switch ibpb to always
mode. Adding the back to back optimization for the always ibpb mode is not
rocket science.

Thanks,

	tglx