On Tue, 23 Jan 2018 18:07:19 +0100 Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tue, Jan 23, 2018 at 02:07:01PM +0100, Martin Schwidefsky wrote:
> > Add the PR_ISOLATE_BP operation to prctl. The effect of the process
> > control is to make all branch prediction entries created by the execution
> > of the user space code of this task not applicable to kernel code or the
> > code of any other task.
>
> What is the rationale for requiring a per-process *opt-in* for this added
> protection?
>
> For KPTI on x86, the exact opposite approach is being discussed (see, e.g.
> http://lkml.kernel.org/r/1515612500-14505-1-git-send-email-w@xxxxxx ): By
> default, play it safe, with KPTI enabled. But for "trusted" processes, one
> may opt out using prctl.

The rationale is that there are cases where you got code from *somewhere*
and want to run it in an isolated context. Think: a docker container that
runs under KVM. But with Spectre this is still not really safe. So you
include a wrapper program in the docker container to use the trap door
prctl to start the potentially malicious program. Now you should be good, no?

-- 
blue skies,
   Martin.

"Reality continues to ruin my life." - Calvin.
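The wrapper program Martin describes, written out as an added example (this is not code from the s390 patch, from the kernel, or from anyone in the thread): it requests PR_ISOLATE_BP for the current task and only then execs the untrusted program. The operation was proposed, not merged, so the value 48 given to PR_ISOLATE_BP below is an assumption for illustration and has to match whatever the kernel under test actually implements; the example also assumes, as the wrapper design in the thread does, that the setting stays in effect across the exec. The one design choice worth noting is that the wrapper fails closed: if the kernel rejects the prctl (for example -EINVAL on a kernel without the operation), the untrusted program is not started at all, rather than being run without the isolation the wrapper was supposed to provide.

```c
/* Added example, not the patch's or the kernel's code: a launcher that
 * asks for PR_ISOLATE_BP and then execs an untrusted program. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>

#ifndef PR_ISOLATE_BP
/* Assumed value for illustration only; the proposed operation is not in
 * the mainline uapi headers, so this must match the kernel being used. */
#define PR_ISOLATE_BP 48
#endif

/* Ask the kernel to isolate this task's branch prediction entries.
 * Returns 0 on success, or -errno on failure; a kernel that does not
 * implement the operation rejects it with -EINVAL. */
int isolate_bp(void)
{
    if (prctl(PR_ISOLATE_BP, 0, 0, 0, 0) == -1)
        return -errno;
    return 0;
}

/* Fail-closed policy: the untrusted program may only be exec'd if the
 * isolation request succeeded. Running it anyway would silently give it
 * the non-isolated behaviour the wrapper exists to prevent. */
int may_exec(int isolate_rc)
{
    return isolate_rc == 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }

    int rc = isolate_bp();
    if (!may_exec(rc)) {
        fprintf(stderr, "PR_ISOLATE_BP refused (%s); not starting %s\n",
                strerror(-rc), argv[1]);
        return 1;
    }

    /* Assumption (as in the wrapper design discussed in the thread): the
     * per-task setting remains in effect across exec, so the new program
     * image runs with isolated branch prediction. */
    execvp(argv[1], argv + 1);
    fprintf(stderr, "execvp(%s): %s\n", argv[1], strerror(errno));
    return 127;
}
```

Usage would be `isolate-wrapper /path/to/untrusted-program args...` inside the container; on a kernel that does not carry the patch the wrapper exits with status 1 and the message above instead of running the program.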