On 11/20/2018 04:08 PM, Tim Chen wrote:
> From: Jiri Kosina <jkos...@suse.cz>
>
> If 'prctl' mode of app2app protection from spectre_v2 is selected on
> kernel command-line, we are currently applying STIBP protection to
> tasks that restrict their indirect branch speculation via
>
> prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0,
> 0);
>
> Let's extend this to cover also SECCOMP tasks (analogically to how we
> apply SSBD protection).
>
> According to software guidance:
>
> "Setting ... STIBP ... on a logical processor prevents the predicted
> targets of indirect branches on any logical processor of that core
> from being controlled by software that executes (or executed
> previously) on another logical processor of the same core."
>
> https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors
>
> Hence setting STIBP on a sandboxed task will prevent the task
> from attacking other sibling threads or getting attacked.
>
> Signed-off-by: Jiri Kosina <jkos...@suse.cz>
> Signed-off-by: Tim Chen <tim.c.c...@linux.intel.com>
> ---
Will need this chunk added, which I missed in my update of Jiri's patch.
Thanks.
Tim
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c4d010d..d070e84 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -275,6 +275,7 @@ enum spectre_v2_app2app_cmd {
{ "off", SPECTRE_V2_APP2APP_CMD_NONE, false },
{ "on", SPECTRE_V2_APP2APP_CMD_FORCE, true },
{ "prctl", SPECTRE_V2_APP2APP_CMD_PRCTL, false },
+ { "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false },
};
static void __init spec_v2_app_print_cond(const char *reason, bool secure)
