On 11/19/2018 06:00 AM, Jiri Kosina wrote: > On Mon, 19 Nov 2018, Thomas Gleixner wrote: > >>> Yeah. IBPB implementation used to check the dumpability of tasks during >>> rescheduling, but that went away later. >>> >>> I still think that ideally that 'app2app' setting would toggle how IBPB is >>> being used as well, something along the lines: >>> >>> lite: >>> - STIBP for the ones marked via prctl() and SECCOMP with the TIF_ >>> flag >>> - ibpb_needed() returning true for the same >>> >>> strict: >>> - STIBP: as currently implemented >>> - ibpb_needed() returning always true >>> >>> off: >>> - neither STIBP nor IBPB applied ever >>> >>> That's give us also some % of performance lost via IBPB back. >>> >>> Makes sense? >> >> Except for the naming convention, yes. See other mail. > > Actually Tim's patchset seems to already deal with IBPB in a consistent > way as well in > > [11/16] x86/speculation: Add Spectre v2 app to app protection modes > > but the fact that it's still using TIF_STIBP makes it a bit confusing and > hidden. So I'd suggest to fold something like below into it. >
Makes sense. Will rename the flag. Tim
