Re: [PATCH RFC 1/2] x86/entry_64: Add a separate unmitigated entry/exit path

From: Waiman Long
Date: Fri Sep 20 2024 - 02:58:05 EST

Next message: Yu Kuai: "Re: [PATCH RFC 5/6] md/raid1: Handle bio_split() errors"
Previous message: Ryan Roberts: "Re: [PATCH V2 7/7] mm: Use pgdp_get() for accessing PGD entries"
In reply to: Pawan Gupta: "[PATCH RFC 1/2] x86/entry_64: Add a separate unmitigated entry/exit path"
Next in thread: Pawan Gupta: "Re: [PATCH RFC 1/2] x86/entry_64: Add a separate unmitigated entry/exit path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/19/24 17:52, Pawan Gupta wrote:

CPU mitigations are deployed system-wide, but usually not all of the
userspace is malicious. Yet, they suffer from the performance impact
of the mitigations. This all or nothing approach is due to lack of a
way for kernel to know which userspace can be trusted and which cannot.

For scenarios where an admin can decide which processes to trust, an
interface to tell the kernel to possibly skip the mitigation would be
useful.

In preparation for kernel to be able to selectively apply mitigation
per-process add a separate kernel entry/exit path that skips the
mitigations.

Originally-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>

For the current patch, not all x86 CPU vulnerability mitigations can be disabled. Maybe we should list the subset of mitigations that can be disabled.

Cheers,
Longman

Next message: Yu Kuai: "Re: [PATCH RFC 5/6] md/raid1: Handle bio_split() errors"
Previous message: Ryan Roberts: "Re: [PATCH V2 7/7] mm: Use pgdp_get() for accessing PGD entries"
In reply to: Pawan Gupta: "[PATCH RFC 1/2] x86/entry_64: Add a separate unmitigated entry/exit path"
Next in thread: Pawan Gupta: "Re: [PATCH RFC 1/2] x86/entry_64: Add a separate unmitigated entry/exit path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]