On 10/02/2018 02:35 AM, Ingo Molnar wrote: > > * Tim Chen <tim.c.c...@linux.intel.com> wrote: > >> To migitgate possible app to app attack from branch target buffer poisoning, >> a new prctl is provided to control branch speculation for applications in >> user app. The following interfaces are provided: > > s/migitgate > /mitigate > >> >> prctl(PR_SET_SPECULATION_CTRL, PR_INDIR_BRANCH, PR_SPEC_DISABLE, 0, 0); >> - Disable branch target speculation to protect against app to app >> style attack using IBPB and STIBP >> >> prctl(PR_SET_SPECULATION_CTRL, PR_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0); >> - Allow branch target speculation, no mitigation for Spectre V2 >> >> prctl(PR_GET_SPECULATION_CTRL, PR_INDIR_BRANCH, 0, 0, 0) >> - Query the indirect branch speculation restriction on a process > > Well 'a process' is always 'the current process' in this case, right?
Right. > >> - lite - only turn on mitigation for non-dumpable >> processes >> + lite - turn on mitigation for non-dumpable processes >> + or processes that has indirect branch >> restricted >> + via prctl's PR_SET_SPECULATION_CTRL option > > s/or processes that has indirect > /or processes that have been indirect > > ? > >> + /* >> + * If being set on non-current task, delay setting the CPU >> + * mitigation until it is next scheduled. >> + * Use speculative_store_bypass_update will update SPEC_CTRL MSR >> + */ >> + if (task == current && update) >> + speculative_store_bypass_update_current(); > > Did you mean: > > Call to speculative_store_bypass_update_current() will update SPEC_CTRL > MSR Yes. > > ? > > >> - * For lite protection mode, we only protect the non-dumpable >> - * processes. >> + * For lite protection mode, we protect processes >> + * where the user explicitly disable indirect branch >> + * speculation or mark the process as non-dumpable. > > s/where the user explicitly disable > /where the user explicitly disables > > ? > > Thanks, > > Ingo > Thanks for the corrections. I'll update the patchset. Tim
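Review bot: In the hunk that adds `if (task == current && update)`, the comment promises that a non-current task gets the CPU mitigation when it is next scheduled, but the visible lines only handle the current task. The comment should name the path that applies the setting at schedule-in, so a reader can confirm the deferred case is covered. The helper is also named speculative_store_bypass_update_current() while the control being changed is indirect branch speculation; either say in the comment why the store-bypass helper is the right call here (it rewrites the SPEC_CTRL MSR, per the correction agreed above) or add a neutrally named wrapper.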
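Review bot: In the documentation hunk for the "lite" option, "restricted via prctl's PR_SET_SPECULATION_CTRL option" does not say which control or value triggers the mitigation. Spell out the call as given in the changelog, prctl(PR_SET_SPECULATION_CTRL, PR_INDIR_BRANCH, PR_SPEC_DISABLE, 0, 0), so the option text matches the interface an administrator or application author will actually use.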
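Review bot: In the hunk that rewrites the "For lite protection mode" comment, both conditions are attributed to "the user", while the option text in the documentation hunk lists them as "non-dumpable processes" or processes restricted through the prctl. Word the code comment the same way as the documentation, naming the prctl as the explicit opt-in and non-dumpable as a separate condition, so the two descriptions of lite mode do not drift apart.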