Re: [PATCH 2/2] x86/speculation: Provide application property based STIBP protection
From: Tim Chen
Date: Thu Sep 20 2018 - 13:32:35 EST
On 09/20/2018 01:00 AM, Peter Zijlstra wrote:
> On Wed, Sep 19, 2018 at 02:35:30PM -0700, Tim Chen wrote:
>> This patch provides an application property based spectre_v2
>> protection with STIBP against attack from another app from
>> a sibling hyper-thread. For security sensitive non-dumpable
>> app, STIBP will be turned on before switching to it for Intel
>> processors vulnerable to spectre_v2.
>
> Why does that non dumpable thing make sense? Why not use the same
> prctl() we already use for SSBD?
>
Something like the following?
prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, 0, 0, 0);
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_ENABLE, 0, 0);
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_DISABLE, 0, 0);
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_FORCE_DISABLE, 0, 0);
People may have already made changes to their app using non-dumpable to mitigate app-app
attack. So I think we should still protect the non-dumpable processes so they don't
have to change their application code.
Tim