Re: [PATCH 2/2] x86/speculation: Provide application property based STIBP protection

[Tim Chen]

On 09/20/2018 01:00 AM, Peter Zijlstra wrote:
> On Wed, Sep 19, 2018 at 02:35:30PM -0700, Tim Chen wrote:
>> This patch provides an application property based spectre_v2
>> protection with STIBP against attack from another app from
>> a sibling hyper-thread.  For security sensitive non-dumpable
>> app, STIBP will be turned on before switching to it for Intel
>> processors vulnerable to spectre_v2.
> 
> Why does that non dumpable thing make sense? Why not use the same
> prctl() we already use for SSBD?
> 

Something like the following?

   prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, 0, 0, 0);
   prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_ENABLE, 0, 0);
   prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_DISABLE, 0, 0);
   prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_SPECTREV2_APP, PR_SPEC_FORCE_DISABLE, 0, 0);

People may have already made changes to their app using non-dumpable to mitigate app-app
attack.  So I think we should still protect the non-dumpable processes so they don't
have to change their application code.

Tim