[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <nycvar.YFH.7.76.1811182358370.21108@cbobk.fhfr.pm>
Date: Sun, 18 Nov 2018 23:59:52 +0100 (CET)
From: Jiri Kosina <jikos@...nel.org>
To: Tim Chen <tim.c.chen@...ux.intel.com>
cc: Thomas Gleixner <tglx@...utronix.de>,
Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
Waiman Long <longman9394@...il.com>,
linux-kernel@...r.kernel.org, x86@...nel.org
Subject: Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app
protection modes
On Sat, 17 Nov 2018, Jiri Kosina wrote:
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 81d1d5a..9c306e3 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -4215,6 +4215,26 @@
> > Not specifying this option is equivalent to
> > spectre_v2=auto.
> >
> > + spectre_v2_app2app=
> > + [X86] Control mitigation of Spectre variant 2
> > + application to application (indirect branch speculation)
> > + vulnerability.
> > +
> > + off - Unconditionally disable mitigations
> > + lite - Protect tasks which have requested restricted
> > + indirect branch speculation via the
> > + PR_SET_SPECULATION_CTRL prctl().
>
> Don't we also want to do the same for SECCOMP processess, analogically how
> we do it for SSBD?
IOW, how about patch below on top of your series? Thanks.
From: Jiri Kosina <jkosina@...e.cz>
Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite mode
If 'lite' mode of app2app protection from spectre_v2 is selected on
kernel command-line, we are currently applying STIBP protection to
non-dumpable tasks, and tasks that have explicitly requested such
protection via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0);
Let's extend this to cover also SECCOMP tasks (analogically to how we
apply SSBD protection).
Signed-off-by: Jiri Kosina <jkosina@...e.cz>
---
Documentation/admin-guide/kernel-parameters.txt | 9 +++++----
arch/x86/kernel/cpu/bugs.c | 2 ++
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 102f9a169eec..74f547e5c8f6 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -4221,10 +4221,11 @@
vulnerability.
off - Unconditionally disable mitigations
- lite - Protect tasks which are marked non-dumpable
- and tasks which have requested restricted
- indirect branch speculation via the
- PR_SET_SPECULATION_CTRL prctl().
+ lite - Protect tasks which are marked non-dumpable,
+ tasks which have requested restricted indirect
+ branch speculation via the
+ PR_SET_SPECULATION_CTRL prctl() and seccomp
+ tasks.
strict - Protect all processes
auto - Kernel selects the mode
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index e7f9334f18c0..3ec952108e87 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -863,6 +863,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task)
{
if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
+ if (spectre_v2_app2app_enabled == SPECTRE_V2_APP2APP_LITE)
+ set_task_stibp(task, true);
}
#endif
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists