From: Thomas Gleixner <tglx@linutronix.de>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Jiri Kosina <jikos@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Andi Kleen <ak@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Casey Schaufler <casey.schaufler@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Jon Masters <jcm@redhat.com>, Waiman Long <longman9394@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Dave Stewart <david.c.stewart@intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
stable@vger.kernel.org, Jiri Kosina <jkosina@suse.cz>
Subject: Re: [Patch v7 14/18] x86/speculation: Add 'seccomp' Spectre v2 app to app protection mode
Date: Wed, 21 Nov 2018 14:52:40 +0100 (CET)
Message-ID: <alpine.DEB.2.21.1811211451250.1665@nanos.tec.linutronix.de>
In-Reply-To: <fc2524a59454509f505e120b0b63d60efcadfc98.1542758656.git.tim.c.chen@linux.intel.com>
On Tue, 20 Nov 2018, Tim Chen wrote:
> According to software guidance:
>
> "Setting ... STIBP ... on a logical processor prevents the predicted
> targets of indirect branches on any logical processor of that core
> from being controlled by software that executes (or executed
> previously) on another logical processor of the same core."
>
> https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors
>
> Hence setting STIBP on a sandboxed task will prevent the task
> from attacking other sibling threads or getting attacked.
That's not sufficient, because you need an IBPB when the sandboxed task is
switched out.
Thanks,
tglx
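As an added illustration of the point in this reply (not code from the patch series or from the e-mail), a small user-space C model of the two context-switch policies: STIBP alone, toggled in SPEC_CTRL for the incoming task, versus STIBP plus an IBPB issued when the protected task is switched out. The MSR numbers and bit positions are the architectural ones; the task structures, the TIF_SPEC_IB flag name, the simulated predictor ("btb_owner", which records which task last trained the predictor on this logical CPU and is cleared by IBPB) and the function names are constructed for the example and are not the kernel's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural MSR numbers and bits (as in arch/x86/include/asm/msr-index.h). */
#define MSR_IA32_SPEC_CTRL 0x48
#define MSR_IA32_PRED_CMD  0x49
#define SPEC_CTRL_STIBP    (1ULL << 1)
#define PRED_CMD_IBPB      (1ULL << 0)

/* Constructed for this example: marks a task that asked for indirect-branch restriction. */
#define TIF_SPEC_IB (1u << 0)

struct task {
    const char *comm;
    unsigned int flags;
};

/* Simulated per-logical-CPU state. btb_owner stands in for the indirect branch
 * predictor contents: the task that last trained it. Simulation only. */
struct cpu {
    uint64_t spec_ctrl;           /* last value written to MSR_IA32_SPEC_CTRL */
    const struct task *btb_owner; /* NULL after IBPB */
    unsigned int wrmsr_count;     /* MSR writes issued */
};

static void wrmsr(struct cpu *c, uint32_t msr, uint64_t val)
{
    c->wrmsr_count++;
    if (msr == MSR_IA32_SPEC_CTRL)
        c->spec_ctrl = val;
    else if (msr == MSR_IA32_PRED_CMD && (val & PRED_CMD_IBPB))
        c->btb_owner = NULL; /* IBPB: earlier training no longer steers predictions */
}

/* Running a task trains the predictor on this logical CPU with its branch history. */
static void run_task(struct cpu *c, const struct task *t)
{
    c->btb_owner = t;
}

/* Policy 1: only STIBP, set for the incoming task, written only when it changes. */
static void switch_stibp_only(struct cpu *c, const struct task *prev, const struct task *next)
{
    uint64_t want = (next->flags & TIF_SPEC_IB) ? SPEC_CTRL_STIBP : 0;
    (void)prev;
    if (want != (c->spec_ctrl & SPEC_CTRL_STIBP))
        wrmsr(c, MSR_IA32_SPEC_CTRL, want);
}

/* Policy 2: additionally flush with IBPB when a protected task is switched out. */
static void switch_stibp_ibpb(struct cpu *c, const struct task *prev, const struct task *next)
{
    if (prev->flags & TIF_SPEC_IB)
        wrmsr(c, MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
    switch_stibp_only(c, prev, next);
}

/* True when the predictor the next task will use was trained by the sandboxed task. */
static bool predictor_leaks_from(const struct cpu *c, const struct task *sandboxed)
{
    return c->btb_owner == sandboxed;
}

struct result {
    bool leaks;               /* incoming task inherits the sandboxed task's predictor state */
    uint64_t spec_ctrl_after; /* SPEC_CTRL value while the incoming task runs */
    unsigned int wrmsr_count;
};

/* Switch idle -> sandboxed -> victim on one logical CPU under the chosen policy. */
static struct result scenario(bool with_ibpb)
{
    struct cpu c = {0};
    struct task idle = { "idle", 0 };
    struct task sandboxed = { "sandboxed", TIF_SPEC_IB };
    struct task victim = { "victim", 0 };
    void (*sw)(struct cpu *, const struct task *, const struct task *) =
        with_ibpb ? switch_stibp_ibpb : switch_stibp_only;

    sw(&c, &idle, &sandboxed);   /* STIBP set while the sandboxed task runs */
    run_task(&c, &sandboxed);    /* it trains the predictor on this logical CPU */
    sw(&c, &sandboxed, &victim); /* STIBP cleared; policy 2 also flushes */

    struct result r = { predictor_leaks_from(&c, &sandboxed), c.spec_ctrl, c.wrmsr_count };
    return r;
}

int main(void)
{
    printf("STIBP only: victim inherits sandboxed predictor state: %s\n",
           scenario(false).leaks ? "yes" : "no");
    printf("STIBP + IBPB on switch-out: %s\n",
           scenario(true).leaks ? "yes" : "no");
    return 0;
}
```

The STIBP-only path leaves the predictor state trained by the sandboxed task in place on the same logical CPU, which is what the reply objects to; the second policy pays one extra MSR write (the PRED_CMD IBPB) at the switch-out to discard it. Whether and where the real series issues the IBPB is the subject of the patches themselves, not something this model asserts.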
Thread overview: 25+ messages
2018-11-21 0:08 [Patch v7 00/18] Provide task property based options to enable Spectre v2 userspace-userspace protection Tim Chen
2018-11-21 0:08 ` [Patch v7 01/18] x86/speculation: Clean up spectre_v2_parse_cmdline() Tim Chen
2018-11-21 0:08 ` [Patch v7 02/18] x86/speculation: Remove unnecessary ret variable in cpu_show_common() Tim Chen
2018-11-21 0:08 ` [Patch v7 03/18] x86/speculation: Reorganize cpu_show_common() Tim Chen
2018-11-21 0:08 ` [Patch v7 04/18] x86/speculation: Add X86_FEATURE_USE_IBRS_ENHANCED Tim Chen
2018-11-21 0:08 ` [Patch v7 05/18] x86/speculation: Disable STIBP when enhanced IBRS is in use Tim Chen
2018-11-21 0:08 ` [Patch v7 06/18] x86/speculation: Rename SSBD update functions Tim Chen
2018-11-21 0:08 ` [Patch v7 07/18] x86/speculation: Reorganize speculation control MSRs update Tim Chen
2018-11-21 0:08 ` [Patch v7 08/18] smt: Create cpu_smt_enabled static key for SMT specific code Tim Chen
2018-11-21 0:08 ` [Patch v7 09/18] x86/smt: Convert cpu_smt_control check to cpu_smt_enabled static key Tim Chen
2018-11-21 13:38 ` Thomas Gleixner
2018-11-21 0:08 ` [Patch v7 10/18] x86/speculation: Turn on or off STIBP according to a task's TIF_STIBP Tim Chen
2018-11-21 13:33 ` Thomas Gleixner
2018-11-21 0:08 ` [Patch v7 11/18] x86/speculation: Add Spectre v2 app to app protection modes Tim Chen
2018-11-21 0:08 ` [Patch v7 12/18] x86/speculation: Create PRCTL interface to restrict indirect branch speculation Tim Chen
2018-11-21 0:08 ` [Patch v7 13/18] x86/speculation: Enable IBPB for tasks with TIF_SPEC_BRANCH_SPECULATION Tim Chen
2018-11-21 0:08 ` [Patch v7 14/18] x86/speculation: Add 'seccomp' Spectre v2 app to app protection mode Tim Chen
2018-11-21 13:52 ` Thomas Gleixner [this message]
2018-11-21 18:16 ` Tim Chen
2018-11-21 22:29 ` Tim Chen
2018-11-21 22:39 ` Thomas Gleixner
2018-11-21 0:08 ` [Patch v7 15/18] security: Update speculation restriction of a process when modifying its dumpability Tim Chen
2018-11-21 0:08 ` [Patch v7 16/18] x86/speculation: Use STIBP to restrict speculation on non-dumpable task Tim Chen
2018-11-21 0:08 ` [Patch v7 17/18] sched/smt: Make sched_smt_present track topology Tim Chen
2018-11-21 0:08 ` [Patch v7 18/18] x86/smt: Allow disabling of SMT when last SMT is offlined Tim Chen