Subject: Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process
From: Tim Chen
Date: Mon, 22 Jan 2018 10:29:23 -0800
To: "Woodhouse, David", KarimAllah Ahmed, linux-kernel@vger.kernel.org
Cc: Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, Greg Kroah-Hartman, "H . Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Linus Torvalds, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Thomas Gleixner, Tom Lendacky, kvm@vger.kernel.org, x86@kernel.org

On 01/20/2018 01:06 PM, Woodhouse, David wrote:
> On Sat, 2018-01-20 at 20:22 +0100, KarimAllah Ahmed wrote:
>> From: Tim Chen
>
> I think this is probably From: Andi now rather than From: Tim?

This change is from Andi.

>> 1 file changed, 12 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c >> index 304de7d..f64e80c 100644 >> --- a/arch/x86/mm/tlb.c >> +++ b/arch/x86/mm/tlb.c
>> @@ -225,8 +225,19 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, >> * Avoid user/user BTB poisoning by flushing the branch predictor >> * when switching between processes. This stops one process from >> * doing Spectre-v2 attacks on another. >> + * >> + * As an optimization: Flush indirect branches only when >> + * switching into processes that disable dumping. >> + * >> + * This will not flush when switching into kernel threads. >> + * But it would flush when switching into idle and back >> + * >> + * It might be useful to have a one-off cache here >> + * to also not flush the idle case, but we would need some >> + * kind of stable sequence number to remember the previous mm. >> */ >> - indirect_branch_prediction_barrier(); >> + if (tsk && tsk->mm && get_dumpable(tsk->mm) != SUID_DUMP_USER) >> + indirect_branch_prediction_barrier();

We could move this close to the cr3 write. The cr3 write provides a barrier against unwanted speculation in the above if check.

Tim
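
Review bot: The unchanged opening of the comment ("This stops one process from doing Spectre-v2 attacks on another") no longer matches the code once the barrier sits behind get_dumpable(tsk->mm) != SUID_DUMP_USER: the barrier is now skipped on every switch into a task whose mm is dumpable, so only non-dumpable targets are covered. Please reword those lines to state that reduced scope, and say in the commit message why dumpability is the chosen criterion. The added comment also says the idle case would still flush, while the new condition requires tsk->mm to be non-NULL; it would help to spell out which of the two switches (into idle, or back out of it) is expected to reach the barrier.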