On Thu, Sep 06, 2018 at 10:32:38AM +0200, Jiri Kosina wrote:
> From: Jiri Kosina <jkos...@suse.cz>
>
> Currently, we are issuing IBPB only in cases when switching into a non-dumpable
> process, the rationale being to protect such 'important and security sensitive'
> processess (such as GPG) from data leak into a different userspace process via
> spectre v2.
>
> This is however completely insufficient to provide proper userspace-to-userspace
> spectrev2 protection, as any process can poison branch buffers before being
> scheduled out, and the newly scheduled process immediately becomes spectrev2

"becomes a"

> victim.
>
> In order to minimize the performance impact (for usecases that do require
> spectrev2 protection), issue the barrier only in cases when switching between
> processess where the victim can't be ptraced by the potential attacker (as in

"processes"

> such cases, the attacker doesn't have to bother with branch buffers at all).
>
> Fixes: 18bf3c3ea8 ("x86/speculation: Use Indirect Branch Prediction Barrier in context switch")
> Originally-by: Tim Chen <tim.c.c...@linux.intel.com>
> Signed-off-by: Jiri Kosina <jkos...@suse.cz>

Reviewed-by: Josh Poimboeuf <jpoim...@redhat.com>

--
Josh