On Mon, 19 Nov 2018, Jiri Kosina wrote:
> On Mon, 19 Nov 2018, Thomas Gleixner wrote:
>
> > > On Sat, 17 Nov 2018, Jiri Kosina wrote:
> >
> > > Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite
> > > mode
> > >
> > > If 'lite' mode of app2app protection from spectre_v2 is selected on
> > > kernel command-line, we are currently applying STIBP protection to
> > > non-dumpable tasks, and tasks that have explicitly requested such
> > > protection via
> > >
> > > prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0,
> > > 0);
> > >
> > > Let's extend this to cover also SECCOMP tasks (analogically to how we
> > > apply SSBD protection).
> >
> > Right. And SSBD does not fiddle with dumpable.
> >
> > Willy had concerns about the (ab)use of dumpable so I'm holding off on that
> > bit for now.
>
> Yeah. IBPB implementation used to check the dumpability of tasks during
> rescheduling, but that went away later.
>
> I still think that ideally that 'app2app' setting would toggle how IBPB is
> being used as well, something along the lines:
>
> lite:
> - STIBP for the ones marked via prctl() and SECCOMP with the TIF_
> flag
> - ibpb_needed() returning true for the same
>
> strict:
> - STIBP: as currently implemented
> - ibpb_needed() returning always true
>
> off:
> - neither STIBP nor IBPB applied ever
>
> That's give us also some % of performance lost via IBPB back.
>
> Makes sense?
Except for the naming convention, yes. See other mail.
Thanks,
tglx
