Re: [Patch v3 12/13] x86/speculation: Protect non-dumpable processes against Spectre v2 attack

From: Thomas Gleixner
Date: Thu Oct 18 2018 - 11:17:47 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH stable v4.4+] usb: gadget: serial: fix oops when data rx'd after close"
Previous message: Vasily Khoruzhick: "Re: [PATCH 7/9] arm64: allwinner: a64: enable ANX6345 bridge on Pinebook"
In reply to: Tim Chen: "[Patch v3 12/13] x86/speculation: Protect non-dumpable processes against Spectre v2 attack"
Next in thread: Tim Chen: "[Patch v3 13/13] x86/speculation: Create PRCTL interface to restrict indirect branch speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 17 Oct 2018, Tim Chen wrote:
> +void arch_set_dumpable(struct task_struct *tsk, unsigned int value)
> +{
> + bool update;
> +
> + if (!static_branch_unlikely(&spectre_v2_app_lite))
> + return;
> + if (!static_cpu_has(X86_FEATURE_STIBP))
> + return;
> + if (spectre_v2_app2app_enabled == SPECTRE_V2_APP2APP_NONE)
> + return;

Can spectre_v2_app_lite be enabled when the cpu does not support STIBP or
spectre_v2_app2app_enabled is not set to SPECTRE_V2_APP2APP_CMD_LITE?

No it cannot. So checking the static key is sufficient.

Thanks,

tglx

Next message: Greg Kroah-Hartman: "Re: [PATCH stable v4.4+] usb: gadget: serial: fix oops when data rx'd after close"
Previous message: Vasily Khoruzhick: "Re: [PATCH 7/9] arm64: allwinner: a64: enable ANX6345 bridge on Pinebook"
In reply to: Tim Chen: "[Patch v3 12/13] x86/speculation: Protect non-dumpable processes against Spectre v2 attack"
Next in thread: Tim Chen: "[Patch v3 13/13] x86/speculation: Create PRCTL interface to restrict indirect branch speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]