Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code

From: David Woodhouse
Date: Wed Jan 10 2018 - 06:59:04 EST

Next message: Jan Kara: "Re: ååïext4, quota, projectid: limits without capablity"
Previous message: David Woodhouse: "Re: [PATCH] x86/alternatives: Fix optimize_nops() checking"
In reply to: Andrea Arcangeli: "Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code"
Next in thread: Andrea Arcangeli: "Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2018-01-10 at 12:54 +0100, Andrea Arcangeli wrote:
> On Wed, Jan 10, 2018 at 09:27:59AM +0000, David Woodhouse wrote:
> > I don't know why you're calling that 'IBRS=2'; are you getting
> confused
> > by Andrea's distro horridness?
>
> Eh, yes he's got confused. ibrs_enabled 2 simply means to leave IBRS
> set in SPEC_CTLR 100% of the time, except in guest mode.

On all current hardware, if you only set IBRS when you exit a guest,
then you are not protecting yourself from userspace at all. IBRS acts
as a *barrier* in all current hardware.

Future CPUs will have a new feature where you *can* do something like
this, but this is not available yet.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Jan Kara: "Re: ååïext4, quota, projectid: limits without capablity"
Previous message: David Woodhouse: "Re: [PATCH] x86/alternatives: Fix optimize_nops() checking"
In reply to: Andrea Arcangeli: "Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code"
Next in thread: Andrea Arcangeli: "Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]