Re: [PATCH 1/5] prctl: add PR_ISOLATE_BP process control

From: Martin Schwidefsky
Date: Wed Jan 24 2018 - 01:30:13 EST


On Tue, 23 Jan 2018 18:07:19 +0100
Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote:
> > Add the PR_ISOLATE_BP operation to prctl. The effect of the process
> > control is to make all branch prediction entries created by the execution
> > of the user space code of this task not applicable to kernel code or the
> > code of any other task.
>
> What is the rationale for requiring a per-process *opt-in* for this added
> protection?
>
> For KPTI on x86, the exact opposite approach is being discussed (see, e.g.
> http://lkml.kernel.org/r/1515612500-14505-1-git-send-email-w@xxxxxx ): By
> default, play it safe, with KPTI enabled. But for "trusted" processes, one
> may opt out using prctl.

The rationale is that there are cases where you got code from *somewhere*
and want to run it in an isolated context. Think: a docker container that
runs under KVM. But with Spectre this is still not really safe. So you
include a wrapper program in the docker container to use the trap door
prctl to start the potentially malicious program. Now you should be good, no?

--
blue skies,
Martin.

"Reality continues to ruin my life." - Calvin.