On Mon, 19 Nov 2018, Jiri Kosina wrote:

> On Mon, 19 Nov 2018, Thomas Gleixner wrote:
>
> > On Sat, 17 Nov 2018, Jiri Kosina wrote:
> >
> > > Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite
> > > mode
> > >
> > > If 'lite' mode of app2app protection from spectre_v2 is selected on
> > > kernel command-line, we are currently applying STIBP protection to
> > > non-dumpable tasks, and tasks that have explicitly requested such
> > > protection via
> > >
> > > prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0,
> > > 0);
> > >
> > > Let's extend this to cover also SECCOMP tasks (analogically to how we
> > > apply SSBD protection).
> >
> > Right. And SSBD does not fiddle with dumpable.
> >
> > Willy had concerns about the (ab)use of dumpable so I'm holding off on that
> > bit for now.
>
> Yeah. IBPB implementation used to check the dumpability of tasks during
> rescheduling, but that went away later.
>
> I still think that ideally that 'app2app' setting would toggle how IBPB is
> being used as well, something along the lines:
>
> lite:
> - STIBP for the ones marked via prctl() and SECCOMP with the TIF_
>   flag
> - ibpb_needed() returning true for the same
>
> strict:
> - STIBP: as currently implemented
> - ibpb_needed() returning always true
>
> off:
> - neither STIBP nor IBPB applied ever
>
> That'd give us also some % of performance lost via IBPB back.
>
> Makes sense?

Except for the naming convention, yes. See other mail.

Thanks,

	tglx
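The three-mode policy Jiri sketches above (off / lite / strict, with STIBP and ibpb_needed() gated the same way in lite mode), modeled in user-space C as an added example. This is not code from the thread, the patch, or the kernel: task_spec, seccomp_mark_model, stibp_needed_model, ibpb_needed_model and the constructed sample schedule are all assumptions made for the model. The one design choice worth noting is that IBPB reads the flag on the incoming task, because IBPB exists to protect the task being switched to from predictor state left behind by the task being switched away from; the sample counts make the "performance back" point visible, since lite issues IBPB only on switches into flagged tasks.

```c
/* Added example (not from the thread or the kernel): a user-space model of the
 * off / lite / strict policy sketched in the thread. Every name here
 * (task_spec, *_model, the sample schedule) is an assumption for this model,
 * not a kernel identifier. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum app2app_mode { MODE_OFF, MODE_LITE, MODE_STRICT };

struct task_spec {
    const char *name;
    bool spec_ib;   /* per-task "TIF_"-style flag: set by prctl() or, with the patch, by SECCOMP */
};

/* Models the patch: entering SECCOMP marks the task the same way prctl() does. */
static void seccomp_mark_model(struct task_spec *t)
{
    t->spec_ib = true;
}

/* STIBP for the task about to run: lite -> flagged tasks only, strict -> all, off -> none. */
static bool stibp_needed_model(enum app2app_mode mode, const struct task_spec *next)
{
    switch (mode) {
    case MODE_STRICT: return true;
    case MODE_LITE:   return next->spec_ib;
    default:          return false;
    }
}

/* IBPB on a context switch. The flag is read on the incoming task: IBPB protects
 * 'next' from branch predictor state left behind by 'prev'. */
static bool ibpb_needed_model(enum app2app_mode mode,
                              const struct task_spec *prev,
                              const struct task_spec *next)
{
    if (prev == next)
        return false;   /* same task: nothing to flush (modeling assumption) */
    switch (mode) {
    case MODE_STRICT: return true;
    case MODE_LITE:   return next->spec_ib;
    default:          return false;
    }
}

/* Constructed sample schedule: A asked via prctl(), C runs under SECCOMP, B did neither. */
#define SCHED_LEN 6
static void build_sample(struct task_spec *a, struct task_spec *b, struct task_spec *c,
                         const struct task_spec *sched[SCHED_LEN])
{
    *a = (struct task_spec){ "A (prctl)", true };
    *b = (struct task_spec){ "B (plain)", false };
    *c = (struct task_spec){ "C (seccomp)", false };
    seccomp_mark_model(c);
    const struct task_spec *order[SCHED_LEN] = { a, b, c, b, a, b };
    for (size_t i = 0; i < SCHED_LEN; i++)
        sched[i] = order[i];
}

/* Number of IBPBs issued while running the sample schedule under 'mode'. */
static int ibpb_count_sample(enum app2app_mode mode)
{
    struct task_spec a, b, c;
    const struct task_spec *sched[SCHED_LEN];
    build_sample(&a, &b, &c, sched);
    int n = 0;
    for (size_t i = 1; i < SCHED_LEN; i++)
        n += ibpb_needed_model(mode, sched[i - 1], sched[i]);
    return n;
}

/* Number of timeslices in the sample schedule that run with STIBP set. */
static int stibp_count_sample(enum app2app_mode mode)
{
    struct task_spec a, b, c;
    const struct task_spec *sched[SCHED_LEN];
    build_sample(&a, &b, &c, sched);
    int n = 0;
    for (size_t i = 0; i < SCHED_LEN; i++)
        n += stibp_needed_model(mode, sched[i]);
    return n;
}

int main(void)
{
    static const char *names[] = { "off", "lite", "strict" };
    for (int m = MODE_OFF; m <= MODE_STRICT; m++)
        printf("%-6s IBPB=%d STIBP slices=%d\n", names[m],
               ibpb_count_sample((enum app2app_mode)m),
               stibp_count_sample((enum app2app_mode)m));
    return 0;
}
```

Under this model the schedule A,B,C,B,A,B costs 5 IBPBs in strict mode, 2 in lite (only the switches into A and C, the flagged tasks) and 0 in off; STIBP is set for 6, 3 and 0 timeslices respectively.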