lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1520077075.7929.4.camel@amazon.co.uk>
Date:   Sat, 3 Mar 2018 12:37:55 +0100
From:   "Woodhouse, David" <dwmw@...zon.co.uk>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Tim Chen <tim.c.chen@...ux.intel.com>
CC:     <stable@...r.kernel.org>, Andy Lutomirski <luto@...nel.org>,
        Nadav Amit <nadav.amit@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...el.com>,
        "Linus Torvalds" <torvalds@...ux-foundation.org>,
        Mel Gorman <mgorman@...e.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Rik van Riel <riel@...hat.com>,
        "Ingo Molnar" <mingo@...nel.org>, <ak@...ux.intel.com>,
        <karahmed@...zon.de>, <pbonzini@...hat.com>, <linux-mm@...ck.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/2] Backport IBPB on context switch to non-dumpable
 process

On Sat, 2018-03-03 at 09:54 +0100, Greg Kroah-Hartman wrote:
> On Fri, Mar 02, 2018 at 01:32:08PM -0800, Tim Chen wrote:
> > 
> > Greg,
> > 
> > I will like to propose backporting "x86/speculation: Use Indirect Branch
> > Prediction Barrier on context switch" from commit 18bf3c3e in upstream
> > to 4.9 and 4.4 stable.  The patch has already been ported to 4.14 and
> > 4.15 stable.  The patch needs mm context id that Andy added in commit
> > f39681ed. I have lifted the mm context id change from Andy's upstream
> > patch and included it here.
>
> What does this patch "fix" in those older kernels?  Is this a
> performance improvement or something else?

It's part of the Spectre variant 2 mitigation — a full flush of the
branch prediction on context switch to a sensitive¹ process. It was the
one I called out as "needs more attention" when I did the rest of the
retpoline etc backportingk, and Tim has now fixed it up. (Thanks).




¹ for now, "sensitive" means non-dumpable. This isn't perfect but it's
a reasonable approximation for now; it would be too expensive to do it
on *every* context switch. And for your purposes, the important part is
that it's what's upstream.
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5210 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ