On 01/30/2018 02:43 PM, Borislav Petkov wrote:
> On Tue, Jan 30, 2018 at 02:26:53PM -0800, Tim Chen wrote:
>> If the process has multiple threads running on different cpus,
>
> I'm talking about issuing the barrier in set_dumpable(). What threads on
> multiple CPUs?
>

As dumpable is a property in mm->flags, it affects all threads running
on other cpus sharing the same mm. If you issue IBPB only on the cpu
that performs the set_dumpable(), the theoretical hole you are trying
to close still exists on threads running on other cpus.

time ----->

(cpu A) set_dumpable victim (thread1), issue IBPB
(cpu B) attacker -> victim (thread2), missed IBPB -> attacker -> victim (IBPB issued)

That said, I think the risk is minuscule and is not worth the cost to
set IBPB on the other cpus.

Tim