Re: [PATCH v4 6/7] x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2 microcodes

From: Ingo Molnar
Date: Fri Jan 26 2018 - 04:40:53 EST



* David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> On Thu, 2018-01-25 at 12:34 +0100, Thomas Gleixner wrote:
> >
> > This stuff is really a masterpiece of trainwreck engineering.
> >
> > So yeah, whatever we do we end up with a proper mess. Let's go for a
> > blacklist and hope that we'll have something which holds at some
> > foreseeable day in the future.
> >
> > The other concern I have is IBRS vs. IBPB. Are we sufficiently sure that
> > IBPB is working on those IBRS blacklisted ucode revisions? Or should we
> > just play safe and not touch any of this at all when we detect a
> > blacklisted one?
>
> That isn't sufficiently clear to me. I've changed it back to blacklist
> *everything* for now, to be safe. If at any point Intel want to get
> their act together and give us coherent information to the contrary, we
> can change to separate IBPB/IBRS blacklists.

Yes.

I also agree that blacklists are the fundamentally correct approach here: a
bit-rotting blacklist is far better to users than a bit-rotting whitelist,
assuming that the number of CPU and microcode bugs goes down with time.

Thanks,

Ingo