Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86/pti update from Thomas Gleixner: "Just a single change from the anti-performance departement: - Add a new PR_SPEC_DISABLE_NOEXEC option which allows to apply the speculation protections on a process without inheriting the state on exec. This remedies a situation where a Java-launcher has speculation protections enabled because that's the default for JVMs which causes the launched regular harmless processes to inherit the protection state which results in unintended performance degradation" * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/speculation: Add PR_SPEC_DISABLE_NOEXEC
This commit is contained in:
commit
edaed168e1
@ -28,18 +28,20 @@ PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
|
||||
which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
|
||||
the following meaning:
|
||||
|
||||
==== ===================== ===================================================
|
||||
Bit Define Description
|
||||
==== ===================== ===================================================
|
||||
0 PR_SPEC_PRCTL Mitigation can be controlled per task by
|
||||
PR_SET_SPECULATION_CTRL.
|
||||
1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
|
||||
disabled.
|
||||
2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
|
||||
enabled.
|
||||
3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
|
||||
subsequent prctl(..., PR_SPEC_ENABLE) will fail.
|
||||
==== ===================== ===================================================
|
||||
==== ====================== ==================================================
|
||||
Bit Define Description
|
||||
==== ====================== ==================================================
|
||||
0 PR_SPEC_PRCTL Mitigation can be controlled per task by
|
||||
PR_SET_SPECULATION_CTRL.
|
||||
1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
|
||||
disabled.
|
||||
2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
|
||||
enabled.
|
||||
3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
|
||||
subsequent prctl(..., PR_SPEC_ENABLE) will fail.
|
||||
4 PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be
|
||||
cleared on :manpage:`execve(2)`.
|
||||
==== ====================== ==================================================
|
||||
|
||||
If all bits are 0 the CPU is not affected by the speculation misfeature.
|
||||
|
||||
@ -92,6 +94,7 @@ Speculation misfeature controls
|
||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
|
||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
|
||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0);
|
||||
|
||||
- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes
|
||||
(Mitigate Spectre V2 style attacks against user processes)
|
||||
|
@ -798,15 +798,25 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
|
||||
if (task_spec_ssb_force_disable(task))
|
||||
return -EPERM;
|
||||
task_clear_spec_ssb_disable(task);
|
||||
task_clear_spec_ssb_noexec(task);
|
||||
task_update_spec_tif(task);
|
||||
break;
|
||||
case PR_SPEC_DISABLE:
|
||||
task_set_spec_ssb_disable(task);
|
||||
task_clear_spec_ssb_noexec(task);
|
||||
task_update_spec_tif(task);
|
||||
break;
|
||||
case PR_SPEC_FORCE_DISABLE:
|
||||
task_set_spec_ssb_disable(task);
|
||||
task_set_spec_ssb_force_disable(task);
|
||||
task_clear_spec_ssb_noexec(task);
|
||||
task_update_spec_tif(task);
|
||||
break;
|
||||
case PR_SPEC_DISABLE_NOEXEC:
|
||||
if (task_spec_ssb_force_disable(task))
|
||||
return -EPERM;
|
||||
task_set_spec_ssb_disable(task);
|
||||
task_set_spec_ssb_noexec(task);
|
||||
task_update_spec_tif(task);
|
||||
break;
|
||||
default:
|
||||
@ -885,6 +895,8 @@ static int ssb_prctl_get(struct task_struct *task)
|
||||
case SPEC_STORE_BYPASS_PRCTL:
|
||||
if (task_spec_ssb_force_disable(task))
|
||||
return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
|
||||
if (task_spec_ssb_noexec(task))
|
||||
return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;
|
||||
if (task_spec_ssb_disable(task))
|
||||
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
|
||||
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
|
||||
|
@ -255,6 +255,18 @@ void arch_setup_new_exec(void)
|
||||
/* If cpuid was previously disabled for this task, re-enable it. */
|
||||
if (test_thread_flag(TIF_NOCPUID))
|
||||
enable_cpuid();
|
||||
|
||||
/*
|
||||
* Don't inherit TIF_SSBD across exec boundary when
|
||||
* PR_SPEC_DISABLE_NOEXEC is used.
|
||||
*/
|
||||
if (test_thread_flag(TIF_SSBD) &&
|
||||
task_spec_ssb_noexec(current)) {
|
||||
clear_thread_flag(TIF_SSBD);
|
||||
task_clear_spec_ssb_disable(current);
|
||||
task_clear_spec_ssb_noexec(current);
|
||||
speculation_ctrl_update(task_thread_info(current)->flags);
|
||||
}
|
||||
}
|
||||
|
||||
static inline void switch_to_bitmap(struct thread_struct *prev,
|
||||
|
@ -1453,6 +1453,7 @@ static inline bool is_percpu_thread(void)
|
||||
#define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/
|
||||
#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */
|
||||
#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */
|
||||
#define PFA_SPEC_SSB_NOEXEC 7 /* Speculative Store Bypass clear on execve() */
|
||||
|
||||
#define TASK_PFA_TEST(name, func) \
|
||||
static inline bool task_##func(struct task_struct *p) \
|
||||
@ -1481,6 +1482,10 @@ TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||
TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||
TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||
|
||||
TASK_PFA_TEST(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||
TASK_PFA_SET(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||
TASK_PFA_CLEAR(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||
|
||||
TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
||||
TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
||||
|
||||
|
@ -219,6 +219,7 @@ struct prctl_mm_map {
|
||||
# define PR_SPEC_ENABLE (1UL << 1)
|
||||
# define PR_SPEC_DISABLE (1UL << 2)
|
||||
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
|
||||
/* Reset arm64 pointer authentication keys */
|
||||
#define PR_PAC_RESET_KEYS 54
|
||||
|
@ -219,6 +219,7 @@ struct prctl_mm_map {
|
||||
# define PR_SPEC_ENABLE (1UL << 1)
|
||||
# define PR_SPEC_DISABLE (1UL << 2)
|
||||
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
|
||||
/* Reset arm64 pointer authentication keys */
|
||||
#define PR_PAC_RESET_KEYS 54
|
||||
|
Loading…
Reference in New Issue
Block a user