Subject: Re: [PATCH 30/35] x86/speculation: Use Indirect Branch Prediction Barrier in context switch
To: Kevin Easton
Cc: Peter Zijlstra, David Woodhouse, Thomas Gleixner, Josh Poimboeuf, linux-kernel@vger.kernel.org, Dave Hansen, Ashok Raj, Andy Lutomirski, Linus Torvalds, Greg KH, Andrea Arcangeli, Andi Kleen, Arjan Van De Ven, Dan Williams, Paolo Bonzini, Jun Nakajima, Asit Mallick, Jason Baron
References: <20180118134800.711245485@infradead.org> <20180118140153.257709600@infradead.org> <3a3c86d1-d15a-ec98-a9c0-e7a43f5c9cc5@linux.intel.com> <20180119040329.GA21544@la.guarana.org>
From: Tim Chen
Message-ID: <510876ab-97cd-9ec9-cc5e-0a2db038704b@linux.intel.com>
Date: Fri, 19 Jan 2018 12:26:46 -0800
In-Reply-To: <20180119040329.GA21544@la.guarana.org>

On 01/18/2018 08:03 PM, Kevin Easton wrote:
> On Thu, Jan 18, 2018 at 04:38:32PM -0800, Tim Chen wrote:
>> On 01/18/2018 05:48 AM, Peter Zijlstra wrote:
>>>
>>> + /*
>>> + * Avoid user/user BTB poisoning by flushing the branch predictor
>>> + * when switching between processes. This stops one process from
>>> + * doing spectre-v2 attacks on another process's data.
>>> + */
>>> + indirect_branch_prediction_barrier();
>>> +
>>
>> Some optimizations can be done here to avoid overhead in barrier call.
>>
>> For example, don't do the barrier if prev and next mm are
>> the same. If the two processes trust each other, or the new process
>> already has rights to look into the previous process,
>> the barrier could be skipped.
>
> Isn't it the other way around with the BTB poisoning? previous is
> potentially attacking next, so the barrier can be avoided only if previous
> is allowed to ptrace next?
>

Yes, if the next process doesn't trust the previous process, then doing a prediction barrier before the context switch makes sense.

Tim
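
Review bot: The comment above indirect_branch_prediction_barrier() in the quoted hunk says the flush "stops one process from doing spectre-v2 attacks on another process's data" but does not say which side of the switch is the attacker. Suggest stating that the outgoing task is the one that may have poisoned the BTB and the incoming task is the one being protected, so that any later condition for skipping the barrier is written against the right task. The hunk shows the call with no guard and none of the surrounding lines, so it is not visible here whether it already sits under a check that prev and next use different mms; if it does not, that is the cheap case to skip.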
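
The direction of the skip condition discussed in this thread, as an added example that is not code from the patch or from the kernel. The `struct task` model, the `may_ptrace()` rule and the sample tasks are simplified assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical task model for illustration; not the kernel's task_struct. */
struct task {
    int mm_id;        /* equal ids mean the tasks share one address space */
    unsigned uid;
    bool dumpable;    /* false: same-uid peers may not attach */
    bool privileged;  /* stand-in for a ptrace-capable, root-like task */
};

/* Constructed sample tasks. */
const struct task user_shell  = { 1, 1000, true,  false };
const struct task user_thread = { 1, 1000, true,  false };
const struct task key_agent   = { 2, 1000, false, false };
const struct task root_daemon = { 3, 0,    true,  true  };

/* Simplified stand-in for a ptrace access check (assumption, not kernel code). */
static bool may_ptrace(const struct task *tracer, const struct task *target)
{
    if (tracer->privileged)
        return true;
    return tracer->uid == target->uid && target->dumpable;
}

/* prev may have poisoned the BTB and next is the victim: skip only when prev
 * could already read next's memory, so the barrier would protect nothing. */
bool need_barrier(const struct task *prev, const struct task *next)
{
    if (prev->mm_id == next->mm_id)
        return false;
    return !may_ptrace(prev, next);
}

/* Reversed direction, kept only to show what it gets wrong. */
bool need_barrier_reversed(const struct task *prev, const struct task *next)
{
    if (prev->mm_id == next->mm_id)
        return false;
    return !may_ptrace(next, prev);
}

int main(void)
{
    printf("user_shell -> root_daemon: barrier=%d reversed=%d\n",
           need_barrier(&user_shell, &root_daemon),
           need_barrier_reversed(&user_shell, &root_daemon));
    return 0;
}
```

With the reversed check, a switch from an unprivileged task to a privileged one skips the barrier because the incoming task could inspect the outgoing one, which is the case the barrier exists for.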