On Thu, 4 Jan 2018 21:11:23 -0800 Dave Hansen <dave.han...@intel.com> wrote:
> On 01/04/2018 08:51 PM, Andy Lutomirski wrote:
> > Do we need an arch_prctl() to enable IBRS for user mode?
>
> Eventually, once the dust settles. I think there's a spectrum of
> paranoia here, that is roughly (with increasing paranoia):
>
> 1. do nothing
> 2. do retpoline
> 3. do IBRS in kernel
> 4. do IBRS always
>
> I think you're asking for ~3.5.

And we'll actually end up with cgroups needing to handle this and a prctl, because the answer is simply not a systemwide single constant.

To start with, if my code has CAP_SYS_RAWIO, who gives a **** about IBRS protecting it. Likewise, on many real world systems I trust my base OS (or I might as well turn off the power), I sort of trust my apps, and I deeply distrust my web browser, which itself probably wants to turn some of the protections on for crap like JavaScript and WebAssembly.

If I'm running containers, well, my desktop is probably #2 and my container #3 or #4.

There's no point getting hung up about a single magic default number, because that's not how it's going to end up.

Alan