On 24/05/18 13:01, Mark Rutland wrote: > On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote: >> In order to allow userspace to be mitigated on demand, let's >> introduce a new thread flag that prevents the mitigation from >> being turned off when exiting to userspace, and doesn't turn >> it on on entry into the kernel (with the assumtion that the > > Nit: s/assumtion/assumption/ > >> mitigation is always enabled in the kernel itself). >> >> This will be used by a prctl interface introduced in a later >> patch. >> >> Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx> > > On the assumption that this flag cannot be flipped while a task is in > userspace: Well, that's the case unless you get into the seccomp thing, which does change TIF_SSBD on all threads of the task, without taking it to the kernel first. That nicely breaks the state machine, and you end-up running non-mitigated in the kernel. Oops. I have a couple of patches fixing that, using a second flag (TIF_SSBD_PENDING) that gets turned into the real thing on exit to userspace. It's pretty ugly though. Thanks, M. -- Jazz is not dead. It just smells funny... _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
