On Sat, 17 Nov 2018, Jiri Kosina wrote:

> > diff --git a/Documentation/admin-guide/kernel-parameters.txt > > b/Documentation/admin-guide/kernel-parameters.txt > > index 81d1d5a..9c306e3 100644 > > --- a/Documentation/admin-guide/kernel-parameters.txt > > +++ b/Documentation/admin-guide/kernel-parameters.txt > > @@ -4215,6 +4215,26 @@ > > Not specifying this option is equivalent to > > spectre_v2=auto. > > > > + spectre_v2_app2app= > > + [X86] Control mitigation of Spectre variant 2 > > + application to application (indirect branch speculation) > > + vulnerability. > > + > > + off - Unconditionally disable mitigations > > + lite - Protect tasks which have requested restricted > > + indirect branch speculation via the > > + PR_SET_SPECULATION_CTRL prctl().

Don't we also want to do the same for SECCOMP processes, analogically how we do it for SSBD?
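Review bot: the `lite` entry in the quoted kernel-parameters hunk says protection is requested "via the PR_SET_SPECULATION_CTRL prctl()" but does not name which speculation control selects it; since the same prctl also carries the SSBD control, the text should spell out the argument, e.g. "via prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, ...)", as the follow-up commit message below already does. The entry also leaves implicit that tasks which have not opted in receive no STIBP protection in this mode; one sentence stating that would make the difference from `strict` clear to an administrator choosing between the two.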
IOW, how about patch below on top of your series? Thanks.

From: Jiri Kosina <jkos...@suse.cz>
Subject: [PATCH] x86/speculation: enforce STIBP for SECCOMP tasks in lite mode

If 'lite' mode of app2app protection from spectre_v2 is selected on kernel command-line, we are currently applying STIBP protection to non-dumpable tasks, and tasks that have explicitly requested such protection via prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0); Let's extend this to cover also SECCOMP tasks (analogically to how we apply SSBD protection).

Signed-off-by: Jiri Kosina <jkos...@suse.cz>
---
Documentation/admin-guide/kernel-parameters.txt | 9 +++++----
arch/x86/kernel/cpu/bugs.c | 2 ++
2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 102f9a169eec..74f547e5c8f6 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4221,10 +4221,11 @@ vulnerability. off - Unconditionally disable mitigations - lite - Protect tasks which are marked non-dumpable - and tasks which have requested restricted - indirect branch speculation via the - PR_SET_SPECULATION_CTRL prctl(). + lite - Protect tasks which are marked non-dumpable, + tasks which have requested restricted indirect + branch speculation via the + PR_SET_SPECULATION_CTRL prctl() and seccomp + tasks. strict - Protect all processes auto - Kernel selects the mode
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index e7f9334f18c0..3ec952108e87 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -863,6 +863,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task) { if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); + if (spectre_v2_app2app_enabled == SPECTRE_V2_APP2APP_LITE) + set_task_stibp(task, true); } #endif

-- 
Jiri Kosina
SUSE Labs
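Review bot: in the kernel-parameters hunk, the added phrase "and seccomp tasks" does not say when the protection is applied; the code path being extended is arch_seccomp_spec_mitigate(), which the existing SSBD branch shows runs when a seccomp filter is attached to the task, so the `+` lines should say "and tasks that have installed a seccomp filter" (protection applied at filter attach time) rather than the bare "seccomp tasks", so that readers do not assume every already-sandboxed task is covered retroactively.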
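Review bot: in the bugs.c hunk, the new branch calls `set_task_stibp(task, true);` directly, whereas the SSBD branch immediately above it goes through `ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);`, i.e. it marks the restriction as forced so the task cannot later clear it with prctl(). Nothing in the hunk marks the STIBP state as forced, so if the task (or a child inheriting the seccomp filter) can still flip it back via prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, ...), the seccomp guarantee is weaker than the SSBD behaviour the commit message cites as its model. Suggest applying STIBP through the same prctl-setting helper with a force flag, mirroring the SSBD line, and stating in the kernel-parameters text that the seccomp-applied restriction cannot be undone by the task. It is also worth confirming that `set_task_stibp()` updates the MSR state for `task == current`, since arch_seccomp_spec_mitigate() is reached from the running task installing its own filter.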