Re: [RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process

From: Peter Zijlstra
Date: Sun Jan 21 2018 - 06:23:11 EST


On Sat, Jan 20, 2018 at 08:22:55PM +0100, KarimAllah Ahmed wrote:
> From: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
>
> Flush indirect branches when switching into a process that marked
> itself non dumpable. This protects high value processes like gpg
> better, without having too high performance overhead.

So if I understand it right, this is only needed if the 'other'
executable itself is susceptible to spectre. If say someone audited gpg
for spectre-v1 and built it with retpoline, it would be safe to not
issue the IBPB, right?

So would it make sense to provide an ELF flag / personality thing such
that userspace can indicate it's spectre-safe?

I realize that this is all future work, because so far auditing for v1
is a lot of pain (we need better tools), but would it be something that
makes sense in the longer term?
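For readers unfamiliar with the user-visible side of the policy discussed above: the patch keys the IBPB on the target task being non-dumpable, which a process sets on itself through prctl(PR_SET_DUMPABLE, 0) (the kernel also clears the flag automatically when a setuid binary is exec'd). The following is an added illustration, not code from the patch series or from Tim Chen's or KarimAllah's work, of how a high-value process such as gpg opts into that state and verifies it took effect; the function name mark_non_dumpable is a name chosen here.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>

/*
 * Mark the calling process non-dumpable and report the resulting state.
 *
 * Returns the value of PR_GET_DUMPABLE after the change: 0 means
 * non-dumpable (the state the patch above uses to decide that an IBPB
 * is issued when the scheduler switches into this task).  Returns -1 if
 * either prctl call fails.
 *
 * Side effects worth knowing as a defender: a non-dumpable process
 * produces no core dump, cannot be ptraced by a same-uid unprivileged
 * process, and has its /proc/<pid> entries owned by root.
 */
int mark_non_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return -1;
    }
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (dumpable < 0) {
        perror("prctl(PR_GET_DUMPABLE)");
        return -1;
    }
    return dumpable;
}

int main(void)
{
    int before = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    int after = mark_non_dumpable();
    printf("dumpable before: %d, after: %d\n", before, after);
    return after == 0 ? 0 : 1;
}
```

A new process normally starts with dumpable set to 1, so the program prints "dumpable before: 1, after: 0"; the flag is per-process and is inherited across fork but reset to 1 on a non-setuid execve, which is why a program that wants the protection has to set it itself early in main.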