| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c1595800-26d1-da63-d6a9-948133acdfab@linux.intel.com>
Date: Wed, 21 Nov 2018 14:29:29 -0800
From: Tim Chen <tim.c.chen@...ux.intel.com>
To: Jiri Kosina <jikos@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Tom Lendacky <thomas.lendacky@....com>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Asit Mallick <asit.k.mallick@...el.com>,
Arjan van de Ven <arjan@...ux.intel.com>,
Jon Masters <jcm@...hat.com>,
Waiman Long <longman9394@...il.com>,
Greg KH <gregkh@...uxfoundation.org>,
Dave Stewart <david.c.stewart@...el.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
stable@...r.kernel.org, Jiri Kosina <jkosina@...e.cz>
Subject: Re: [Patch v7 14/18] x86/speculation: Add 'seccomp' Spectre v2 app to
app protection mode
On 11/20/2018 04:08 PM, Tim Chen wrote:
> From: Jiri Kosina <jkosina@...e.cz>
>
> If 'prctl' mode of app2app protection from spectre_v2 is selected on
> kernel command-line, we are currently applying STIBP protection to
> tasks that restrict their indirect branch speculation via
>
> prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0);
>
> Let's extend this to cover also SECCOMP tasks (analogically to how we
> apply SSBD protection).
>
> According to software guidance:
>
> "Setting ... STIBP ... on a logical processor prevents the predicted
> targets of indirect branches on any logical processor of that core
> from being controlled by software that executes (or executed
> previously) on another logical processor of the same core."
>
> https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors
>
> Hence setting STIBP on a sandboxed task will prevent the task
> from attacking other sibling threads or getting attacked.
>
> Signed-off-by: Jiri Kosina <jkosina@...e.cz>
> Signed-off-by: Tim Chen <tim.c.chen@...ux.intel.com>
> ---
Will need this chunk added, which I missed in my update of Jiri's patch.
Thanks.
Tim
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c4d010d..d070e84 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -275,6 +275,7 @@ enum spectre_v2_app2app_cmd {
{ "off", SPECTRE_V2_APP2APP_CMD_NONE, false },
{ "on", SPECTRE_V2_APP2APP_CMD_FORCE, true },
{ "prctl", SPECTRE_V2_APP2APP_CMD_PRCTL, false },
+ { "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false },
};
static void __init spec_v2_app_print_cond(const char *reason, bool secure)
Powered by blists - more mailing lists