On 09/20/2018 01:00 AM, Peter Zijlstra wrote: > On Wed, Sep 19, 2018 at 02:35:30PM -0700, Tim Chen wrote: >> This patch provides an application property based spectre_v2 >> protection with STIBP against attack from another app from >> a sibling hyper-thread. For security sensitive non-dumpable >> app, STIBP will be turned on before switching to it for Intel >> processors vulnerable to spectre_v2. > > Why does that non dumpable thing make sense? Why not use the same > prctl() we already use for SSBD? >
Something like the following? prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, 0, 0, 0); prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_ENABLE, 0, 0); prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_DISABLE, 0, 0); prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_FORCE_DISABLE, 0, 0); People may have already made changes to their app using non-dumpable to mitigate app-app attack. So I think we should still protect the non-dumpable processes so they don't have to change their application code. Tim
