Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1093990imm; Tue, 2 Oct 2018 02:35:55 -0700 (PDT) X-Google-Smtp-Source: ACcGV61NL2LKynbOJUMznJoilaoNPFlzj6zHjqIjJomixyyvtw0S0FPJtSQK9AAn0+oTbie4Xl/P X-Received: by 2002:a63:4860:: with SMTP id x32-v6mr13706907pgk.375.1538472955681; Tue, 02 Oct 2018 02:35:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538472955; cv=none; d=google.com; s=arc-20160816; b=Db5hbvb/da9dSx/PGgEHrj8QwbTIQBKbEGFtZwYJ/gMYwGVEkCjE3sO9UzHHkMvH0z NPVECX47g4tBF3Gq7FezNd4m8wCGr6Dk3T50CaJDgHw9kIiOzXPEQpDZygUF00NOST2D kTu9wQzxph34jJRfVmZR08uXpkk7YeF1e3rSslNEVQeMfa5xM/PYF1KJjOI/ib9OhqZd XLsbBL/N3nDFcdjyCOl1ETFu0KkICaI6ni87d7Y52W0e57xM1aItxI0AEeOB0ZEh1OA1 TSQKpgfKeHm3u6bOBtJ5W/Qgeo3v7yeHJmA6ZA7B6yNeP0Ee6CZxJCn/2PFsbTvEnbwt h6bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=6xSM6ClC5PkVgF/2uYCHLIvXyWD08igqfDzO73h5yYQ=; b=WjpZynunertxSsXMXfUKTHOgtvMI8/VgidiL+Nff/OPKgIMH9slmmFfFG8ckDvO3qZ xbik/szLKsrrtGiDihUzPQfOQhdCIjWx6eUGOxhYAOJKRAT1t9smQdN2vOwD3Qtc/NTx KqYURNPF7LL2TdrRMlXI3QMMuh9qhMCiwS3leokwjAvLzJDfAPitVfweFPuwdCMJdTjV U38pZkdML4nvN1cA1wG74PkGEKtS/6Q4yn4/grO+qwb8uD+T4wAsdPlA2LbQIBL7JhGo FMiyNjb88LFBCTDbe4QkPxPrS74DSdaYgex+7l3fFVc8urEMyx3yrxy9+u3y+r0NprIO 3h+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=qzaZWz7S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t192-v6si13915242pgc.485.2018.10.02.02.35.39; Tue, 02 Oct 2018 02:35:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=qzaZWz7S; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726617AbeJBQR4 (ORCPT + 99 others); Tue, 2 Oct 2018 12:17:56 -0400 Received: from mail-wm1-f46.google.com ([209.85.128.46]:36091 "EHLO mail-wm1-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726207AbeJBQR4 (ORCPT ); Tue, 2 Oct 2018 12:17:56 -0400 Received: by mail-wm1-f46.google.com with SMTP id n23-v6so1476534wmc.1 for ; Tue, 02 Oct 2018 02:35:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=6xSM6ClC5PkVgF/2uYCHLIvXyWD08igqfDzO73h5yYQ=; b=qzaZWz7SjjSaRZblzP9l2l/iZSFoMgWAphEMTQIlqm9MlTeTIP7RB8T4+N1eO2Siz7 bqx1flGM1dMe3qYU2Caij5Dg4J7RgSuvzH2QKdTNtz4jjo2yHmiQV4GRLp+3IkdX1hZR KHAF6KSMmG7kCqsbDIPQkoZc78ZSX76yrk9C5rnYY+XRCXgDI2cVptBzMch5DFrboizE 64+4DgxBYZOmGrDjnuTC/JQSgsRfa5EmmX7KMYkfq6NoP7UY4gNuA9QpYgp/gMOMGs0J uZx72Jv2VipEfLC9Q0n3Jp+FY/nibFs6j6o2XWsepA3bgnawiSmeZ+svgy2nxx1WVP8l vXmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=6xSM6ClC5PkVgF/2uYCHLIvXyWD08igqfDzO73h5yYQ=; b=T16/xP2BmqzKli2VPRz2v/n97dezlJRpXgPJ6reUGcx8pu82ukYu3wNK5Fpl5KnyPG ohRmysOwbYJ68ALpIfLvF239nLgqf9W8QPn+qpYS0hpLhLrJpsifWEa1zObXxqeZMAh+ 3gGodzqjk7XnFDuV4+H+oZTGpOnllefbzgQ3tYtHdrrFAhIACVt91z2p6Fw54r/vM/Ys LCM2JW4HCgPNLnRb6AMRpVLYt6g7f2vBhBH6QCa/PxiifwNldHASmsxJWz8czQnHbGhS GPYt5L0Aq0ffo+W0HoNSYDWFLBPj+YgVAMk7lvyL0oXIHHy3DV7399MYugdNaj36YDXe T7dQ== X-Gm-Message-State: ABuFfoitYdLuwae5ZDtc4m2dsUKnNpawJnob6XiyIog4s876Nf5aytbW L6N9dbWYghGz4CxBLRXUhckGkAWm X-Received: by 2002:a1c:385:: with SMTP id 127-v6mr1311779wmd.92.1538472933944; Tue, 02 Oct 2018 02:35:33 -0700 (PDT) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id e127-v6sm9556930wmg.45.2018.10.02.02.35.32 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 02 Oct 2018 02:35:33 -0700 (PDT) Date: Tue, 2 Oct 2018 11:35:30 +0200 From: Ingo Molnar To: Tim Chen Cc: Jiri Kosina , Thomas Gleixner , Tom Lendacky , Ingo Molnar , Peter Zijlstra , Josh Poimboeuf , Andrea Arcangeli , David Woodhouse , Andi Kleen , Dave Hansen , Casey Schaufler , Asit Mallick , Arjan van de Ven , Jon Masters , linux-kernel@vger.kernel.org, x86@kernel.org Subject: Re: [Patch v2 4/4] x86/speculation: Add prctl to control indirect branch speculation per process Message-ID: <20181002093530.GC122128@gmail.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Tim Chen wrote: > To migitgate possible app to app attack from branch target buffer poisoning, > a new prctl is provided to control branch speculation for applications in > user app. The following interfaces are provided: s/migitgate /mitigate > > prctl(PR_SET_SPECULATION_CTRL, PR_INDIR_BRANCH, PR_SPEC_DISABLE, 0, 0); > - Disable branch target speculation to protect against app to app > style attack using IBPB and STIBP > > prctl(PR_SET_SPECULATION_CTRL, PR_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0); > - Allow branch target speculation, no mitigation for Spectre V2 > > prctl(PR_GET_SPECULATION_CTRL, PR_INDIR_BRANCH, 0, 0, 0) > - Query the indirect branch speculation restriction on a process Well 'a process' is always 'the current process' in this case, right? > - lite - only turn on mitigation for non-dumpable processes > + lite - turn on mitigation for non-dumpable processes > + or processes that has indirect branch restricted > + via prctl's PR_SET_SPECULATION_CTRL option s/or processes that has indirect /or processes that have been indirect ? > + /* > + * If being set on non-current task, delay setting the CPU > + * mitigation until it is next scheduled. > + * Use speculative_store_bypass_update will update SPEC_CTRL MSR > + */ > + if (task == current && update) > + speculative_store_bypass_update_current(); Did you mean: Call to speculative_store_bypass_update_current() will update SPEC_CTRL MSR ? > - * For lite protection mode, we only protect the non-dumpable > - * processes. > + * For lite protection mode, we protect processes > + * where the user explicitly disable indirect branch > + * speculation or mark the process as non-dumpable. s/where the user explicitly disable /where the user explicitly disables ? Thanks, Ingo