[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAN_oZf3HkO5+f5OJibGpsnnu1Khnx5mxdSimL9bDBbs+33ka0A@mail.gmail.com>
Date: Tue, 29 Sep 2020 13:22:48 -0400
From: Anthony Steinhauser <asteinhauser@...gle.com>
To: Will Deacon <will@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>, catalin.marinas@....com,
maz@...nel.org
Subject: Re: [PATCH v2] PR_SPEC_DISABLE_NOEXEC support for arm64.
Thanks a lot Will,
Everything looks good to me now.
On Tue, Sep 29, 2020 at 4:10 AM Will Deacon <will@...nel.org> wrote:
>
> Hi Anthony,
>
...
>
> I'll fold in the diff below, which I think solves the problem above; it's
> closer to what you had originally, just refactored a bit and with the
> execve()/fork() issue fixed.
>
> Will
>
> --->8
>
> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
> index 59f2ceb7a0e5..68b710f1b43f 100644
> --- a/arch/arm64/kernel/proton-pack.c
> +++ b/arch/arm64/kernel/proton-pack.c
> @@ -660,6 +660,20 @@ void spectre_v4_enable_task_mitigation(struct task_struct *tsk)
> * prctl() may be necessary even when PSTATE.SSBS can be toggled directly
> * from userspace.
> */
> +static void ssbd_prctl_enable_mitigation(struct task_struct *task)
> +{
> + task_clear_spec_ssb_noexec(task);
> + task_set_spec_ssb_disable(task);
> + set_tsk_thread_flag(task, TIF_SSBD);
> +}
> +
> +static void ssbd_prctl_disable_mitigation(struct task_struct *task)
> +{
> + task_clear_spec_ssb_noexec(task);
> + task_clear_spec_ssb_disable(task);
> + clear_tsk_thread_flag(task, TIF_SSBD);
> +}
> +
> static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
> {
> switch (ctrl) {
> @@ -679,8 +693,7 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
> if (spectre_v4_mitigations_on())
> return -EPERM;
>
> - task_clear_spec_ssb_disable(task);
> - clear_tsk_thread_flag(task, TIF_SSBD);
> + ssbd_prctl_disable_mitigation(task);
> break;
> case PR_SPEC_FORCE_DISABLE:
> /* Force disable speculation: force enable mitigation */
> @@ -693,28 +706,33 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
>
> task_set_spec_ssb_force_disable(task);
> fallthrough;
> - case PR_SPEC_DISABLE_NOEXEC:
> - /* Disable speculation until execve(): enable mitigation */
> - fallthrough;
> case PR_SPEC_DISABLE:
> /* Disable speculation: enable mitigation */
> /* Same as PR_SPEC_FORCE_DISABLE */
> if (spectre_v4_mitigations_off())
> return -EPERM;
>
> - task_set_spec_ssb_disable(task);
> - set_tsk_thread_flag(task, TIF_SSBD);
> + ssbd_prctl_enable_mitigation(task);
> + break;
> + case PR_SPEC_DISABLE_NOEXEC:
> + /* Disable speculation until execve(): enable mitigation */
> + /*
> + * If the mitigation state is forced one way or the other, then
> + * we must fail now before we try to toggle it on execve().
> + */
> + if (task_spec_ssb_force_disable(task) ||
> + spectre_v4_mitigations_off() ||
> + spectre_v4_mitigations_on()) {
> + return -EPERM;
> + }
> +
> + ssbd_prctl_enable_mitigation(task);
> + task_set_spec_ssb_noexec(task);
> break;
> default:
> return -ERANGE;
> }
>
> - /* Handle the 'noexec' flag separately to save bloating up the switch */
> - if (ctrl == PR_SPEC_DISABLE_NOEXEC)
> - task_set_spec_ssb_noexec(task);
> - else
> - task_clear_spec_ssb_noexec(task);
> -
> spectre_v4_enable_task_mitigation(task);
> return 0;
> }
Powered by blists - more mailing lists