Quick reply: I agree, I'm just supporting this :) -- Computer Architect
> On Oct 2, 2018, at 11:43, Jiri Kosina <[email protected]> wrote: > > On Tue, 2 Oct 2018, Jon Masters wrote: > >>> This patch provides an application property based spectre_v2 >>> protection with STIBP against attack from another app from >>> a sibling hyper-thread. For security sensitive non-dumpable >>> app, STIBP will be turned on before switching to it for Intel >>> processors vulnerable to spectre_v2. >> >> A general comment. I think in practice this will be similar to the >> speculative store buffer bypass (aka "variant 4") issue in terms of >> opt-in mitigation. Many users won't want to take the performance hit of >> having STIBP by default for peer threads. We should make sure that we >> don't force users into a mitigation but retain an option. Whether it's >> default-on or not can be debated, though I think the vendors lean toward >> having default-off with an opt-in, and customers will probably agree. So >> anyway, I encourage a pragmatic approach similar to that for SSBD. > > Which is what Tim's patchset is implementing on top. > > Thanks, > > -- > Jiri Kosina > SUSE Labs >
