On Thu, Sep 06, 2018 at 10:32:38AM +0200, Jiri Kosina wrote:
> From: Jiri Kosina <[email protected]>
>
> Currently, we are issuing IBPB only in cases when switching into a non-dumpable
> process, the rationale being to protect such 'important and security sensitive'
> processess (such as GPG) from data leak into a different userspace process via
> spectre v2.
>
> This is however completely insufficient to provide proper userspace-to-userpace
> spectrev2 protection, as any process can poison branch buffers before being
> scheduled out, and the newly scheduled process immediately becomes spectrev2
"becomes a"
> victim.
>
> In order to minimize the performance impact (for usecases that do require
> spectrev2 protection), issue the barrier only in cases when switching between
> processess where the victim can't be ptraced by the potential attacker (as in
"processes"
> such cases, the attacker doesn't have to bother with branch buffers at all).
>
> Fixes: 18bf3c3ea8 ("x86/speculation: Use Indirect Branch Prediction Barrier in context switch")
> Originally-by: Tim Chen <[email protected]>
> Signed-off-by: Jiri Kosina <[email protected]>
Reviewed-by: Josh Poimboeuf <[email protected]>
--
Josh