Re: [PATCH 30/35] x86/speculation: Use Indirect Branch Prediction Barrier in context switch

From: Tim Chen
Date: Fri Jan 19 2018 - 15:26:58 EST


On 01/18/2018 08:03 PM, Kevin Easton wrote:
> On Thu, Jan 18, 2018 at 04:38:32PM -0800, Tim Chen wrote:
>> On 01/18/2018 05:48 AM, Peter Zijlstra wrote:
>>>
>>> + /*
>>> + * Avoid user/user BTB poisoning by flushing the branch predictor
>>> + * when switching between processes. This stops one process from
>>> + * doing spectre-v2 attacks on another process's data.
>>> + */
>>> + indirect_branch_prediction_barrier();
>>> +
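Review bot: the call to indirect_branch_prediction_barrier() in this hunk is unconditional, while the comment above it says the flush is for switching "between processes"; nothing in the hunk checks that prev and next actually differ, so switches between threads of one process, which share an address space and gain nothing from the flush, pay for it too. Suggest gating the barrier on the mm actually changing, and, if a trust-based skip is added on top, testing whether prev may ptrace next (prev is the potential poisoner, next the victim), not the reverse.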
>>
>> Some optimizations can be done here to avoid overhead in the barrier call.
>>
>> For example, don't do the barrier if prev and next mm are
>> the same. If the two processes trust each other, or the new process
>> already has rights to look into the previous process,
>> the barrier could be skipped.
>
> Isn't it the other way around with the BTB poisoning? previous is
> potentially attacking next, so the barrier can be avoided only if previous
> is allowed to ptrace next?
>

Yes, if the next process doesn't trust the previous process, then
doing a prediction barrier before the context switch makes sense.

Tim
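The two skip conditions discussed in this exchange (prev and next share an mm; prev is already allowed to ptrace next, in that direction), as an added stand-alone C model. This is not kernel code, not part of the patch and not written by anyone in the thread: the task struct, the toy may_ptrace() check and the sample tasks are assumptions chosen so the decision logic can be run and checked in user space, whereas the real kernel decides on its own task_struct/mm state and ptrace_may_access().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-alone model of the IBPB skip conditions raised in the thread.
 * Added example code, not the kernel's task_struct or the patch: the
 * fields, the toy ptrace check and the sample tasks are assumptions.
 */
struct task {
    const char *comm;
    uint64_t mm_id;     /* identity of the address space; 0 = kernel thread (no mm) */
    uint32_t uid;       /* uid used by the toy ptrace check below */
    bool dumpable;      /* toy stand-in for "dumpable" (not setuid/protected) */
};

/*
 * Toy stand-in for ptrace_may_access(): tracer may attach to tracee if it
 * is root, or has the same uid and tracee is dumpable. The real check has
 * more conditions (capabilities, LSM hooks, ptrace_scope); this is only
 * enough to show the direction of the test.
 */
static bool may_ptrace(const struct task *tracer, const struct task *tracee)
{
    if (tracer->uid == 0)
        return true;
    return tracer->uid == tracee->uid && tracee->dumpable;
}

/*
 * Decide whether switching from prev to next needs an IBPB.
 * prev is the potential attacker (it may have poisoned the BTB) and next
 * the victim, so the trust test is "may prev ptrace next", not the reverse.
 */
bool need_ibpb(const struct task *prev, const struct task *next)
{
    /* Switching to a kernel thread: no user address space to protect. */
    if (next->mm_id == 0)
        return false;
    /* Same mm (e.g. a thread switch): prev can already read next's data. */
    if (prev->mm_id != 0 && prev->mm_id == next->mm_id)
        return false;
    /* prev could attach with ptrace anyway: the barrier buys nothing. */
    if (prev->mm_id != 0 && may_ptrace(prev, next))
        return false;
    /* Conservative otherwise, including prev being a kernel thread, since
     * the user mm that ran before it may have poisoned the BTB. */
    return true;
}

/* Constructed sample tasks (assumptions, not real processes). */
static const struct task task_a = { "app:thr1", 1, 1000, true  };
static const struct task task_b = { "app:thr2", 1, 1000, true  };
static const struct task task_c = { "other",    2, 1001, true  };
static const struct task task_r = { "rootd",    3, 0,    true  };
static const struct task task_s = { "setuid",   4, 1000, false };
static const struct task task_k = { "kworker",  0, 0,    false };

/* Run a fixed switch sequence and return how many IBPBs were issued. */
unsigned run_sample_schedule(void)
{
    const struct task *seq[] = {
        &task_a, &task_b, &task_c, &task_r, &task_c,
        &task_s, &task_a, &task_k, &task_c
    };
    unsigned n = sizeof(seq) / sizeof(seq[0]);
    unsigned barriers = 0;

    for (unsigned i = 1; i < n; i++) {
        bool ibpb = need_ibpb(seq[i - 1], seq[i]);
        printf("%-9s -> %-9s : %s\n", seq[i - 1]->comm, seq[i]->comm,
               ibpb ? "IBPB" : "skip");
        barriers += ibpb;
    }
    return barriers;
}

int main(void)
{
    printf("barriers issued: %u\n", run_sample_schedule());
    return 0;
}
```

The asymmetric cases are the point: rootd -> other skips (root may ptrace other) while other -> rootd still flushes, and setuid -> app:thr1 skips while app:thr1 -> setuid flushes, because a non-dumpable target cannot be traced by a same-uid process.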