> On Nov 25, 2018, at 2:20 PM, Thomas Gleixner <t...@linutronix.de> wrote:
>
> On Sun, 25 Nov 2018, Andi Kleen wrote:
>
>>> The current check whether two tasks belong to the same context is using the
>>> tasks context id. While correct, it's simpler to use the mm pointer because
>>> it allows to mangle the TIF_SPEC_IB bit into it. The context id based
>>> mechanism requires extra storage, which creates worse code.
>>
>> [We tried similar in some really early versions, but it was replaced
>> with the context id later.]
>>
>> One issue with using the pointer is that the pointer can be reused
>> when the original mm_struct is freed, and then gets reallocated
>> immediately to an attacker. Then the attacker may avoid the IBPB.
>>
>> Given it's probably hard to generate any reasonable leak bandwidth with
>> such a complex scenario, but it still seemed better to close the hole.
>
> Sorry, but that's really a purely academic exercise.
>

I would guess that it’s actually very easy to force mm_struct* reuse. Don’t the various allocators try to allocate hot memory? There’s nothing hotter than a just-freed allocation of the same size.

Can someone explain the actual problem with ctx_id? If you just need an extra bit, how about:

2*ctx_id vs 2*ctx_id+1

Or any of the many variants of approximately the same thing?

—Andy
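The two tagging schemes debated in the message above, compared in a toy model; this is an added example, not code from the thread or from the kernel. The pool with a LIFO free list is an assumption standing in for an allocator that returns the most recently freed object, and `toy_mm`, `toy_mm_alloc`, `toy_mm_free`, `tag_from_ptr`, `tag_from_ctx` and `barrier_after_reuse` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, not kernel code: a small pool with a LIFO free list stands in
 * for an allocator that hands back the most recently freed object. */
struct toy_mm { uint64_t ctx_id; };
static struct toy_mm pool[4];
static int free_stack[4] = {3, 2, 1, 0}, free_top = 4;
static uint64_t next_ctx_id = 1;        /* monotonic, never reused */

static struct toy_mm *toy_mm_alloc(void) /* assumes the pool is not empty */
{
    struct toy_mm *mm = &pool[free_stack[--free_top]];
    mm->ctx_id = next_ctx_id++;
    return mm;
}

static void toy_mm_free(struct toy_mm *mm) { free_stack[free_top++] = (int)(mm - pool); }

/* Variant 1: mm pointer with the per-task flag folded into bit 0. */
static uint64_t tag_from_ptr(const struct toy_mm *mm, int spec_ib)
{
    return (uint64_t)(uintptr_t)mm | (uint64_t)(spec_ib & 1);
}

/* Variant 2, as suggested in the message: 2*ctx_id vs 2*ctx_id+1. */
static uint64_t tag_from_ctx(const struct toy_mm *mm, int spec_ib)
{
    return 2 * mm->ctx_id + (uint64_t)(spec_ib & 1);
}

/* Returns 1 if the tag comparison sees a context change (barrier issued)
 * when a new mm lands in the slot of the one that was just freed. */
static int barrier_after_reuse(int use_ctx_id)
{
    struct toy_mm *old = toy_mm_alloc();
    uint64_t last = use_ctx_id ? tag_from_ctx(old, 1) : tag_from_ptr(old, 1);
    toy_mm_free(old);                       /* previous owner exits */
    struct toy_mm *new_mm = toy_mm_alloc(); /* same address, new ctx_id */
    uint64_t next = use_ctx_id ? tag_from_ctx(new_mm, 1) : tag_from_ptr(new_mm, 1);
    toy_mm_free(new_mm);
    return last != next;
}

int main(void)
{
    printf("pointer tag: %d, ctx_id tag: %d\n", barrier_after_reuse(0), barrier_after_reuse(1));
    return 0;
}
```

In this model the pointer-based tag compares equal across the free and reallocation, so the check treats the two address spaces as the same context, while the ctx_id-based tag differs and the barrier is issued.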