On Tue, 27 Nov 2018, Jiri Kosina wrote:
> --- a/arch/x86/kernel/process.c > +++ b/arch/x86/kernel/process.c > @@ -474,6 +474,21 @@ void __switch_to_xtra(struct task_struct *prev_p, struct > task_struct *next_p) > > tifn = READ_ONCE(task_thread_info(next_p)->flags); > tifp = READ_ONCE(task_thread_info(prev_p)->flags); > + > + /* > + * SECCOMP tasks might have had their spec_ctrl flags updated during > + * runtime from a different CPU. > + * > + * When switching to such a task, populate thread flags with the ones > + * that have been temporarily saved in spec_flags by > task_update_spec_tif() > + * in order to make sure MSR value is always kept up to date. > + * > + * SECCOMP tasks never disable the mitigation for other threads, only > enable. > + */ > + if (IS_ENABLED(CONFIG_SECCOMP) && > + test_and_clear_tsk_thread_flag(next_p, TIF_SPEC_UPDATE)) > + tifp |= READ_ONCE(task_thread_info(next_p)->spec_flags);

This should be 'tifn' of course.

--
Jiri Kosina
SUSE Labs
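
Review bot: the OR in the last added line lands in `tifp`, the snapshot of the outgoing task's flags, although the bits being merged are read from `next_p`; it should read `tifn |= READ_ONCE(task_thread_info(next_p)->spec_flags);`, which is what the follow-up remark asks for. With `tifp` the incoming task's pending update is attributed to the task being switched out, and TIF_SPEC_UPDATE has already been consumed by `test_and_clear_tsk_thread_flag()`, so as far as these lines show the update is not retried on a later switch. Separately, the merge only changes the local copy taken with READ_ONCE a few lines earlier, not the task's own thread flags, so the comment's "populate thread flags" should either be reworded to say the merged value is used for this switch only, or the bits should be written back to `next_p`. The comment would also benefit from one sentence stating the ordering the writer side must follow (store `spec_flags` before setting TIF_SPEC_UPDATE), since the reader clears the flag first and reads `spec_flags` second.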