[ added a few more CCs for v2 ]
Currently, linux kernel is basically not preventing userspace-userspace spectrev2 attack, because: - IBPB is basically unused (issued only for tasks that marked themselves explicitly non-dumpable, which is absolutely negligible minority of all software out there), therefore cross-process branch buffer posioning using spectrev2 is possible - STIBP is completely unused, therefore cross-process branch buffer poisoning using spectrev2 between processess running on two HT siblings thread s is possible This patchset changes IBPB semantics, so that it's now applied whenever context-switching between processess that can't use ptrace() to achieve the same. This admittedly comes with extra overhad on a context switch; systems that don't care about could disable the mitigation using nospectre_v2 boot option. The IBPB implementaion is heavily based on original patches by Tim Chen. In addition to that, we unconditionally turn STIBP on so that HT siblings always have separate branch buffers. We've been carrying IBPB implementation with the same semantics in our (SUSE) trees since january disclosure; STIBP was more or less ignored up to today. Jiri Kosina (3): ptrace: Provide ___ptrace_may_access() that can be applied on arbitrary tasks x86/speculation: Apply IBPB more strictly to avoid cross-process spectre v2 leak x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation arch/x86/kernel/cpu/bugs.c | 12 ++++++++++++ arch/x86/mm/tlb.c | 15 ++++++--------- include/linux/ptrace.h | 15 +++++++++++++++ kernel/ptrace.c | 17 +++++++++++++---- 4 files changed, 46 insertions(+), 13 deletions(-) -- Jiri Kosina SUSE Labs