Received: by 10.223.176.46 with SMTP id f43csp1668804wra;
        Sun, 21 Jan 2018 01:51:06 -0800 (PST)
X-Google-Smtp-Source: AH8x226oNWlPFIb4R3OYij/9dDwtAkz/LtIoKsufqZVSNd9kRn2WsevRI0OCr0KuBmLNoM6yL30a
X-Received: by 10.99.172.86 with SMTP id z22mr4179277pgn.227.1516528265898;
        Sun, 21 Jan 2018 01:51:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516528265; cv=none;
        d=google.com; s=arc-20160816;
        b=bChQu+yK4DUwtsW872k6lL+h+DwlL7B3KYJmrJgIZKwZFL1TCSOzlS66dJiye5HmZp
         C/ICZiOGBuCNRCIDxvGPsaemzi/CQjSsEU2d8mNDFbdzZk83X6mRWVZ4MJPUfcAJx/PC
         qIX6MdnvAGkBFWb07TUEWQeWsRec+g96yp2hrQSmDqDcX0Y6/3O+EWCFntyOmfjnpoBy
         ssWevUeKwYv/4aDBcViW5IYBzgj1W6KB9cphxINqED+ss6nqHtssciatIHMKujE4I3K/
         rYeuVnQ0m7GaExV9kEvLDjwd93Y3EzMRQR81H1szkvCr+oQKDnPInd3IyOBNsKShL/Y2
         FE/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:to:from:dkim-signature:arc-authentication-results;
        bh=061kL8zroH8l4c3tEfz/x6XYcyJCsm+f2C8rAQCOPlM=;
        b=HYLA37N/nlP4p4BkCoh6tLeGRxl+njNo/Fon2R5aZ5Rvv9eX9uvxf4gFrfGT332Z8x
         q+0UjJvym7/HHDzbvN8Szbix7BsbPSfYrQbkjXx7Wnroyjri/j1Z4uXmHXt3R5Iy1c+s
         kjCEB7jHPHTjffJV8mwBa0mfBMN23kQt+m34519f27nXIE+szoBnr2HcJo/jHUO28r0+
         JlfGVBOib1rjCsTN0j1VVIxL9cCc/649wH5mjVQ/pFG0NUoFGTCCXbzwa/Qo8gcU4o+e
         ATr7AY3HkDlVVi8JFXl5VUDxr+t5rd4ll1got8+8zP/4qqBy7xFJo2qt68SVY9CgKs95
         KyiA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=fp+JK9v+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z6si13234851pfi.345.2018.01.21.01.50.52;
        Sun, 21 Jan 2018 01:51:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=fp+JK9v+;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751264AbeAUJt6 (ORCPT <rfc822;yuankui.zhao@gmail.com>
        + 99 others); Sun, 21 Jan 2018 04:49:58 -0500
Received: from smtp-fw-4101.amazon.com ([72.21.198.25]:64799 "EHLO
        smtp-fw-4101.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751212AbeAUJtl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 21 Jan 2018 04:49:41 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt;
  s=amazon201209; t=1516528180; x=1548064180;
  h=from:to:subject:date:message-id:in-reply-to:references;
  bh=061kL8zroH8l4c3tEfz/x6XYcyJCsm+f2C8rAQCOPlM=;
  b=fp+JK9v+bk8e2o8vekiNjoNj3F/WPEmaXZBjR+gdOeLK6HdRKGOWaM6Q
   NXRVC1ECSMfXq4iL5qjtL53slScLaR0TmZupzdj9OzTFbh+Ke18Skjp2J
   +gh9YlNxYdmxbG54zxcJCzcwzBNy5nUxyjHOCgjwOl7sf24R/9u0yUCHl
   A=;
X-IronPort-AV: E=Sophos;i="5.46,390,1511827200"; 
   d="scan'208";a="704575208"
Received: from iad6-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-2b-2eab95aa.us-west-2.amazon.com) ([10.124.125.6])
  by smtp-border-fw-out-4101.iad4.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 21 Jan 2018 09:49:33 +0000
Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (pdx2-ws-svc-lb17-vlan2.amazon.com [10.247.140.66])
        by email-inbound-relay-2b-2eab95aa.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id w0L9nS1H016863
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
        Sun, 21 Jan 2018 09:49:30 GMT
Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1])
        by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w0L9nRmt010322;
        Sun, 21 Jan 2018 09:49:27 GMT
Received: (from dwmw@localhost)
        by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w0L9nRlB010321;
        Sun, 21 Jan 2018 09:49:27 GMT
From:   David Woodhouse <dwmw@amazon.co.uk>
To:     arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de,
        x86@kernel.org, linux-kernel@vger.kernel.org,
        tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org,
        pbonzini@redhat.com, ak@linux.intel.com,
        torvalds@linux-foundation.org, gregkh@linux-foundation.org
Subject: [PATCH v2 8/8] x86/mm: Only flush indirect branches when switching into non dumpable process
Date:   Sun, 21 Jan 2018 09:49:09 +0000
Message-Id: <1516528149-9370-9-git-send-email-dwmw@amazon.co.uk>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516528149-9370-1-git-send-email-dwmw@amazon.co.uk>
References: <1516528149-9370-1-git-send-email-dwmw@amazon.co.uk>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Andi Kleen <ak@linux.intel.com>

Flush indirect branches when switching into a process that marked
itself non dumpable.  This protects high value processes like gpg
better, without having too high performance overhead.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
---
 arch/x86/mm/tlb.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 304de7d..f64e80c 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -225,8 +225,19 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
 		 * Avoid user/user BTB poisoning by flushing the branch predictor
 		 * when switching between processes. This stops one process from
 		 * doing Spectre-v2 attacks on another.
+		 *
+		 * As an optimization: Flush indirect branches only when
+		 * switching into processes that disable dumping.
+		 *
+		 * This will not flush when switching into kernel threads.
+		 * But it would flush when switching into idle and back
+		 *
+		 * It might be useful to have a one-off cache here
+		 * to also not flush the idle case, but we would need some
+		 * kind of stable sequence number to remember the previous mm.
 		 */
-		indirect_branch_prediction_barrier();
+		if (tsk && tsk->mm && get_dumpable(tsk->mm) != SUID_DUMP_USER)
+			indirect_branch_prediction_barrier();
 
 		if (IS_ENABLED(CONFIG_VMAP_STACK)) {
 			/*
-- 
2.7.4