On Sun, Nov 25, 2018 at 11:20:50PM +0100, Thomas Gleixner wrote:
> On Sun, 25 Nov 2018, Andi Kleen wrote:
>
> > > The current check whether two tasks belong to the same context is using the
> > > task's context id. While correct, it's simpler to use the mm pointer because
> > > it allows to mangle the TIF_SPEC_IB bit into it. The context id based
> > > mechanism requires extra storage, which creates worse code.
> >
> > [We tried similar in some really early versions, but it was replaced
> > with the context id later.]
> >
> > One issue with using the pointer is that the pointer can be reused
> > when the original mm_struct is freed, and then gets reallocated
> > immediately to an attacker. Then the attacker may avoid the IBPB.
> >
> > Given it's probably hard to generate any reasonable leak bandwidth with
> > such a complex scenario, but it still seemed better to close the hole.
>
> Sorry, but that's really a purely academic exercise.
Ok, fair enough. I guess it's acceptable if you add a comment explaining it.

-Andi
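A user-space model of the check the thread is debating, added here as an illustration and not code from the kernel or from either author: the per-CPU record holds the last user mm pointer with the TIF_SPEC_IB request mangled into its low bit, and an IBPB is issued only when the incoming value differs. The names (`switch_needs_ibpb`, `SPEC_IB_BIT`, the slot-pool allocator) are this example's own; the pool stands in for the slab reuse Andi describes, so the "freed and immediately reallocated" case is deterministic.

```c
#include <stdbool.h>
#include <stddef.h>

#define SPEC_IB_BIT 1UL   /* hypothetical stand-in for TIF_SPEC_IB; bit 0 is
                             free because mm_struct is word-aligned */

struct mm { int dummy; }; /* stand-in for mm_struct */

/* Per-CPU record of the last user mm that ran, IB request mangled in. */
static unsigned long last_user_mm_ibpb;

void reset_cpu_state(void) { last_user_mm_ibpb = 0; }

static unsigned long mm_mangle(const struct mm *mm, bool spec_ib)
{
    return (unsigned long)mm | (spec_ib ? SPEC_IB_BIT : 0);
}

/* True if switching to `next` must issue an IBPB: the incoming task asked for
 * protection and its mangled mm value differs from what last ran here. */
bool switch_needs_ibpb(const struct mm *next, bool spec_ib)
{
    unsigned long next_val = mm_mangle(next, spec_ib);
    bool need = spec_ib && next_val != last_user_mm_ibpb;
    last_user_mm_ibpb = next_val;
    return need;
}

/* Constructed two-slot allocator: freeing a slot and allocating again hands
 * back the same address, modelling mm_struct reuse. */
static struct mm pool[2];
static bool in_use[2];

struct mm *mm_alloc(void)
{
    for (size_t i = 0; i < 2; i++)
        if (!in_use[i]) { in_use[i] = true; return &pool[i]; }
    return NULL;
}

void mm_free(struct mm *m) { in_use[m - pool] = false; }
```

The last assertion in the accompanying check is the hole under discussion: a reused pointer with the same flag bit is indistinguishable from the previous context, so the barrier is skipped, whereas a context id would have been fresh.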