Re: [PATCH 0/2] Backport IBPB on context switch to non-dumpable process
From: Woodhouse, David
Date: Sat Mar 03 2018 - 06:39:39 EST
On Sat, 2018-03-03 at 09:54 +0100, Greg Kroah-Hartman wrote:
> On Fri, Mar 02, 2018 at 01:32:08PM -0800, Tim Chen wrote:
> >
> > Greg,
> >
> > I will like to propose backporting "x86/speculation: Use Indirect Branch
> > Prediction Barrier on context switch" from commit 18bf3c3e in upstream
> > to 4.9 and 4.4 stable.ÂÂThe patch has already been ported to 4.14 and
> > 4.15 stable.ÂÂThe patch needs mm context id that Andy added in commit
> > f39681ed. I have lifted the mm context id change from Andy's upstream
> > patch and included it here.
>
> What does this patch "fix" in those older kernels?ÂÂIs this a
> performance improvement or something else?
It's part of the Spectre variant 2 mitigation â a full flush of the
branch prediction on context switch to a sensitive process. It was the
one I called out as "needs more attention" when I did the rest of the
retpoline etc backportingk, and Tim has now fixed it up. (Thanks).
 for now, "sensitive" means non-dumpable. This isn't perfect but it's
a reasonable approximation for now; it would be too expensive to do it
on *every* context switch. And for your purposes, the important part is
that it's what's upstream.Attachment:
smime.p7s
Description: S/MIME cryptographic signature