From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mga04.intel.com ([192.55.52.120]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fFqlr-000179-U0 for speck@linutronix.de; Tue, 08 May 2018 02:46:24 +0200 Subject: [MODERATED] Re: [PATCH 5/5] SSB extra v2 5 References: =?utf-8?q?=3C3c3bda?= =?utf-8?q?6cd68a91d9e79ef1da60d481180d544d20=2E1525734796=2Egit=2Edave=2E?= =?utf-8?q?hansen=40intel=2Ecom=3E?= <20180508003632.GH4050@tassilo.jf.intel.com> From: Dave Hansen Message-ID: <1ae07e8f-636f-0cbd-399c-e5d538dc93ea@linux.intel.com> Date: Mon, 7 May 2018 17:46:20 -0700 MIME-Version: 1.0 In-Reply-To: <20180508003632.GH4050@tassilo.jf.intel.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On 05/07/2018 05:36 PM, speck for Andi Kleen wrote: >> + /* To mitigate speculative-store-bypass, we only need >> + * mitigation for programs that write to memory. Mark that >> + * the program needs mitigation if loaded without >> + * CAP_SYS_ADMIN: >> + */ >> + if (env->saw_memory_write && !capable(CAP_SYS_ADMIN)) >> + env->prog->need_mitigation = true; > Flag should have a more descriptive name specific to SSB. > I bet this won't be the last mitigation needed for EBPF :| For now, it *is* generic, though. It's whether the mitigation function gets injected into the call path or not. Once we have multiple things we have to mitigate for at entry/exit, we may need to add some other flags to the bpf_prog that say exactly what mitigations we need, like a "bfp_prog->does_memory_write" that explicitly tells us if we need the SSB mitigation.