Re: [PATCH libgcrypt v2] Disable CPU speculation-related misfeatures

Guido Trentalancia via Gcrypt-devel Sun, 25 May 2025 13:16:07 -0700

Thanks for pointing this out Collin, here is a revised v2 version of
the patch...


Disable CPU speculation-related misfeatures which are in
fact vulnerabilities causing data leaks:

 - Speculative Store Bypass
 - Indirect Branch Speculation
 - Flush L1D Cache on context switch out of the task

For further information see the kernel documentation:
Documentation/userspace-api/spec_ctrl.rst

--- a/src/global.c      2024-04-26 14:08:12.000000000 +0200
+++ b/src/global.c      2025-05-25 16:03:24.718598884 +0200
@@ -33,6 +33,9 @@
 #ifdef HAVE_SYSLOG
 # include <syslog.h>
 #endif /*HAVE_SYSLOG*/
+#if defined(__linux__)
+#include <sys/prctl.h>
+#endif
 
 #include "g10lib.h"
 #include "gcrypt-testapi.h"
@@ -95,6 +96,28 @@ global_init (void)
     return;
   _gcry_global_any_init_done = 1;
 
+#if defined(__linux__)
+/* Disable CPU speculation-related misfeatures which are in
+ * fact vulnerabilities causing data leaks: see the kernel
+ * documentation: Documentation/userspace-api/spec_ctrl.rst
+ *
+ * - Speculative Store Bypass
+ * - Indirect Branch Speculation
+ * - Flush L1D Cache on context switch out of the task
+ */
+#ifdef PR_SPEC_STORE_BYPASS
+  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 
0, 0);
+#endif
+
+#ifdef PR_SPEC_INDIRECT_BRANCH
+  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 
PR_SPEC_FORCE_DISABLE, 0, 0);
+#endif
+
+#ifdef PR_SPEC_L1D_FLUSH
+  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_FORCE_DISABLE, 0, 
0);
+#endif
+#endif /* __linux__ */
+
   /* Tell the random module that we have seen an init call.  */
   _gcry_set_preferred_rng_type (0);
 

On Sun, 25/05/2025 at 12.58 -0700, Collin Funk wrote:
> Guido Trentalancia via Gcrypt-devel <gcrypt-devel@gnupg.org> writes:
> 
> > --- a/src/global.c  2024-04-26 14:08:12.000000000 +0200
> > +++ b/src/global.c  2025-05-25 16:03:24.718598884 +0200
> > @@ -33,6 +33,7 @@
> >  #ifdef HAVE_SYSLOG
> >  # include <syslog.h>
> >  #endif /*HAVE_SYSLOG*/
> > +#include <sys/prctl.h>
> 
> This would cause a compilation error on many platforms since
> sys/prctl.h
> is Linux-specific.
> 
> Collin

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Re: [PATCH libgcrypt v2] Disable CPU speculation-related misfeatures

Reply via email to