Re: [PATCH 1/5] prctl: add PR_ISOLATE_BP process control

On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote:
> Add the PR_ISOLATE_BP operation to prctl. The effect of the process
> control is to make all branch prediction entries created by the execution
> of the user space code of this task not applicable to kernel code or the
> code of any other task.

What is the rationale for requiring a per-process *opt-in* for this added
protection?

For KPTI on x86, the exact opposite approach is being discussed (see, e.g.
http://lkml.kernel.org/r/1515612500-14505-1-git-send-email-w@xxxxxx ): By
default, play it safe, with KPTI enabled. But for "trusted" processes, one
may opt out using prctl.

Thanks,
	Dominik


