Re: [PATCH 3/7] x86/enter: Use IBRS on syscall and interrupts

From: Alan Cox
Date: Fri Jan 05 2018 - 07:01:47 EST


On Thu, 4 Jan 2018 21:11:23 -0800
Dave Hansen <dave.hansen@xxxxxxxxx> wrote:

> On 01/04/2018 08:51 PM, Andy Lutomirski wrote:
> > Do we need an arch_prctl() to enable IBRS for user mode?
>
> Eventually, once the dust settles. I think there's a spectrum of
> paranoia here, that is roughly (with increasing paranoia):
>
> 1. do nothing
> 2. do retpoline
> 3. do IBRS in kernel
> 4. do IBRS always
>
> I think you're asking for ~3.5.

And we'll actually end up with cgroups needing to handle this and a prctl
because the answer is simply not a systemwide single constant. To start
with, if my code has CAP_SYS_RAWIO, who gives a **** about IBRS protecting
it?

Likewise on many real world systems I trust my base OS (or I might as
well turn off the power), I sort of trust my apps, and I deeply distrust
my web browser, which itself probably wants to turn some of the
protections on for crap like JavaScript and WebAssembly.

If I'm running containers, well, my desktop is probably #2 and my container
#3 or #4.

There's no point getting hung up about a single magic default number,
because that's not how it's going to end up.

Alan