On Mon, 19 Nov 2018, Thomas Gleixner wrote:
> > On Sat, 17 Nov 2018, Jiri Kosina wrote:
>
> > Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite
> > mode
> >
> > If 'lite' mode of app2app protection from spectre_v2 is selected on
> > kernel command-line, we are currently applying STIBP protection to
> > non-dumpable tasks, and tasks that have explicitly requested such
> > protection via
> >
> > prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0,
> > 0);
> >
> > Let's extend this to cover also SECCOMP tasks (analogically to how we
> > apply SSBD protection).
>
> Right. And SSBD does not fiddle with dumpable.
>
> Willy had concerns about the (ab)use of dumpable so I'm holding off on that
> bit for now.
Yeah. IBPB implementation used to check the dumpability of tasks during
rescheduling, but that went away later.
I still think that ideally that 'app2app' setting would toggle how IBPB is
being used as well, something along the lines:
lite:
- STIBP for the ones marked via prctl() and SECCOMP with the TIF_
flag
- ibpb_needed() returning true for the same
strict:
- STIBP: as currently implemented
- ibpb_needed() returning always true
off:
- neither STIBP nor IBPB applied ever
That's give us also some % of performance lost via IBPB back.
Makes sense?
Thanks,
--
Jiri Kosina
SUSE Labs
