Received: by 10.223.176.5 with SMTP id f5csp400207wra; Tue, 30 Jan 2018 13:24:07 -0800 (PST) X-Google-Smtp-Source: AH8x226XWrQAZjePKMPKd8CWh8v+MlhruNkC9TA6nxiwxvlUEpTBavIUSeu980wi8/t7dp/yc0vV X-Received: by 2002:a17:902:8e86:: with SMTP id bg6-v6mr27469039plb.402.1517347447446; Tue, 30 Jan 2018 13:24:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517347447; cv=none; d=google.com; s=arc-20160816; b=qhuZnXi/71iYe0kdWKx/yoPDLjP9WmcbfNat90VftkuYYtLEWJr/ZkL4f8ZvgQstxs 3KccprxN7Aigoyx2w/v7R63OSSh9jOUoV3Pa0el8k0dta3O/Y3ssdX4RhjMC6s5MI0DD vYKi/kOqxrJMWPoMPbVzUPzaOUJWfzXU823Y0HeQnHzZxhLWcdGVQWPi/ILlfZ0uMo5m 2b2tiK5LAKP6vS2theVUu3XQ7FH75GKuwT6O/3zoBx+nMOQEZE3R/b3KrYpSkoBxIu4Y s/8gOOrP7sCVg2rGDerLTgBGhsRqmkrQMqprqXuxcti/nwPELBzdt6Uqrvok2b9Ezed8 sT9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=9zkZxDRrWTdScFwGGlH8kG3Lh2e2svEnLiyRONqtWaA=; b=EBourOeSpY/r1JsSvb9gWi/sAQCU2vabRIUivzzhbDnUV5fVzQTByelkpBBN+6ucxq JdJldUFYet9pP+dKEtl+pIo85NY2gtiTqtS5UjQSkujAlz2k9/IwGjfUd54jSVUyyB5h iW7RstGgmD63Mk+XJUh55x94jMNm06a/ejlwJb9K5Vrs3deLkoRS+izk1k3g5mX405J5 ZrOheIHCTDh2DWKq7IRYdCaSroJO4Aaz791wJ+mfDGkvZPIK1Mx26/OwU0HEpzTsa0Tx JVUamvqCNGfqvstvlalMkLPFDmywKFfcCX7uLC9URkuvbtQIl//nx+jIeqSOcBqM4Qcj hxDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x68si161326pfe.46.2018.01.30.13.23.52; Tue, 30 Jan 2018 13:24:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752257AbeA3VXT (ORCPT + 99 others); Tue, 30 Jan 2018 16:23:19 -0500 Received: from mga06.intel.com ([134.134.136.31]:19220 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751678AbeA3VXS (ORCPT ); Tue, 30 Jan 2018 16:23:18 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Jan 2018 13:23:17 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,436,1511856000"; d="scan'208";a="14668059" Received: from schen9-desk3.jf.intel.com (HELO [10.54.74.42]) ([10.54.74.42]) by orsmga006.jf.intel.com with ESMTP; 30 Jan 2018 13:23:17 -0800 Subject: Re: [PATCH] x86/speculation: Use Indirect Branch Prediction Barrier in context switch To: Josh Poimboeuf , David Woodhouse Cc: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, mingo@kernel.org, luto@kernel.org, linux@dominikbrodowski.net References: <1517263487-3708-1-git-send-email-dwmw@amazon.co.uk> <20180130174850.bwypk4r5yn2344jb@treble> From: Tim Chen Message-ID: Date: Tue, 30 Jan 2018 13:23:17 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <20180130174850.bwypk4r5yn2344jb@treble> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/30/2018 09:48 AM, Josh Poimboeuf wrote: > On Mon, Jan 29, 2018 at 10:04:47PM +0000, David Woodhouse wrote: >> From: Tim Chen >> >> Flush indirect branches when switching into a process that marked itself >> non dumpable. This protects high value processes like gpg better, >> without having too high performance overhead. > > I wonder what the point of this patch is. An audit of my laptop shows > only a single user of PR_SET_DUMPABLE: systemd-coredump. This is an opt in approach. For processes who need extra security, it set itself as non-dumpable. Then it can ensure that it doesn't see any poisoned BTB. > > [ And yes, I have gpg-agent running. Also, a grep of the gnupg source > doesn't show any evidence of it being used there. So the gpg thing > seems to be a myth. ] I'm less familiar with gpg-agent. Dave was the one who put in comments about gpg-agent in this patch so perhaps he can comment. > > But also, I much preferred the original version of the patch which only > skipped IBPB when 'prev' could ptrace 'next'. For the A->kernel thread->B scenario, you will need context of A to decide if you need IBPB when switching to B. You need to worry about whether the context of A has been released ... etc if you want to use ptrace. > > If performance is a concern, let's look at that in more detail. But I > don't see how the solution to a performance issue could possibly be > "leave (almost) all tasks vulnerable by default." > Thanks. Tim