Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86/pti update from Thomas Gleixner: "Just a single change from the anti-performance departement: - Add a new PR_SPEC_DISABLE_NOEXEC option which allows to apply the speculation protections on a process without inheriting the state on exec. This remedies a situation where a Java-launcher has speculation protections enabled because that's the default for JVMs which causes the launched regular harmless processes to inherit the protection state which results in unintended performance degradation" * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/speculation: Add PR_SPEC_DISABLE_NOEXEChifive-unleashed-5.1
commit
edaed168e1
|
@ -39,6 +39,8 @@ Bit Define Description
|
||||||
enabled.
|
enabled.
|
||||||
3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
|
3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
|
||||||
subsequent prctl(..., PR_SPEC_ENABLE) will fail.
|
subsequent prctl(..., PR_SPEC_ENABLE) will fail.
|
||||||
|
4 PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be
|
||||||
|
cleared on :manpage:`execve(2)`.
|
||||||
==== ====================== ==================================================
|
==== ====================== ==================================================
|
||||||
|
|
||||||
If all bits are 0 the CPU is not affected by the speculation misfeature.
|
If all bits are 0 the CPU is not affected by the speculation misfeature.
|
||||||
|
@ -92,6 +94,7 @@ Speculation misfeature controls
|
||||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
|
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
|
||||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||||
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
|
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
|
||||||
|
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0);
|
||||||
|
|
||||||
- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes
|
- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes
|
||||||
(Mitigate Spectre V2 style attacks against user processes)
|
(Mitigate Spectre V2 style attacks against user processes)
|
||||||
|
|
|
@ -798,15 +798,25 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
|
||||||
if (task_spec_ssb_force_disable(task))
|
if (task_spec_ssb_force_disable(task))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
task_clear_spec_ssb_disable(task);
|
task_clear_spec_ssb_disable(task);
|
||||||
|
task_clear_spec_ssb_noexec(task);
|
||||||
task_update_spec_tif(task);
|
task_update_spec_tif(task);
|
||||||
break;
|
break;
|
||||||
case PR_SPEC_DISABLE:
|
case PR_SPEC_DISABLE:
|
||||||
task_set_spec_ssb_disable(task);
|
task_set_spec_ssb_disable(task);
|
||||||
|
task_clear_spec_ssb_noexec(task);
|
||||||
task_update_spec_tif(task);
|
task_update_spec_tif(task);
|
||||||
break;
|
break;
|
||||||
case PR_SPEC_FORCE_DISABLE:
|
case PR_SPEC_FORCE_DISABLE:
|
||||||
task_set_spec_ssb_disable(task);
|
task_set_spec_ssb_disable(task);
|
||||||
task_set_spec_ssb_force_disable(task);
|
task_set_spec_ssb_force_disable(task);
|
||||||
|
task_clear_spec_ssb_noexec(task);
|
||||||
|
task_update_spec_tif(task);
|
||||||
|
break;
|
||||||
|
case PR_SPEC_DISABLE_NOEXEC:
|
||||||
|
if (task_spec_ssb_force_disable(task))
|
||||||
|
return -EPERM;
|
||||||
|
task_set_spec_ssb_disable(task);
|
||||||
|
task_set_spec_ssb_noexec(task);
|
||||||
task_update_spec_tif(task);
|
task_update_spec_tif(task);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -885,6 +895,8 @@ static int ssb_prctl_get(struct task_struct *task)
|
||||||
case SPEC_STORE_BYPASS_PRCTL:
|
case SPEC_STORE_BYPASS_PRCTL:
|
||||||
if (task_spec_ssb_force_disable(task))
|
if (task_spec_ssb_force_disable(task))
|
||||||
return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
|
return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
|
||||||
|
if (task_spec_ssb_noexec(task))
|
||||||
|
return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;
|
||||||
if (task_spec_ssb_disable(task))
|
if (task_spec_ssb_disable(task))
|
||||||
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
|
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
|
||||||
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
|
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
|
||||||
|
|
|
@ -255,6 +255,18 @@ void arch_setup_new_exec(void)
|
||||||
/* If cpuid was previously disabled for this task, re-enable it. */
|
/* If cpuid was previously disabled for this task, re-enable it. */
|
||||||
if (test_thread_flag(TIF_NOCPUID))
|
if (test_thread_flag(TIF_NOCPUID))
|
||||||
enable_cpuid();
|
enable_cpuid();
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Don't inherit TIF_SSBD across exec boundary when
|
||||||
|
* PR_SPEC_DISABLE_NOEXEC is used.
|
||||||
|
*/
|
||||||
|
if (test_thread_flag(TIF_SSBD) &&
|
||||||
|
task_spec_ssb_noexec(current)) {
|
||||||
|
clear_thread_flag(TIF_SSBD);
|
||||||
|
task_clear_spec_ssb_disable(current);
|
||||||
|
task_clear_spec_ssb_noexec(current);
|
||||||
|
speculation_ctrl_update(task_thread_info(current)->flags);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void switch_to_bitmap(struct thread_struct *prev,
|
static inline void switch_to_bitmap(struct thread_struct *prev,
|
||||||
|
|
|
@ -1453,6 +1453,7 @@ static inline bool is_percpu_thread(void)
|
||||||
#define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/
|
#define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/
|
||||||
#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */
|
#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */
|
||||||
#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */
|
#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */
|
||||||
|
#define PFA_SPEC_SSB_NOEXEC 7 /* Speculative Store Bypass clear on execve() */
|
||||||
|
|
||||||
#define TASK_PFA_TEST(name, func) \
|
#define TASK_PFA_TEST(name, func) \
|
||||||
static inline bool task_##func(struct task_struct *p) \
|
static inline bool task_##func(struct task_struct *p) \
|
||||||
|
@ -1481,6 +1482,10 @@ TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||||
TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)
|
TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||||
TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)
|
TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)
|
||||||
|
|
||||||
|
TASK_PFA_TEST(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||||
|
TASK_PFA_SET(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||||
|
TASK_PFA_CLEAR(SPEC_SSB_NOEXEC, spec_ssb_noexec)
|
||||||
|
|
||||||
TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
||||||
TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
|
||||||
|
|
||||||
|
|
|
@ -219,6 +219,7 @@ struct prctl_mm_map {
|
||||||
# define PR_SPEC_ENABLE (1UL << 1)
|
# define PR_SPEC_ENABLE (1UL << 1)
|
||||||
# define PR_SPEC_DISABLE (1UL << 2)
|
# define PR_SPEC_DISABLE (1UL << 2)
|
||||||
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||||
|
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||||
|
|
||||||
/* Reset arm64 pointer authentication keys */
|
/* Reset arm64 pointer authentication keys */
|
||||||
#define PR_PAC_RESET_KEYS 54
|
#define PR_PAC_RESET_KEYS 54
|
||||||
|
|
|
@ -219,6 +219,7 @@ struct prctl_mm_map {
|
||||||
# define PR_SPEC_ENABLE (1UL << 1)
|
# define PR_SPEC_ENABLE (1UL << 1)
|
||||||
# define PR_SPEC_DISABLE (1UL << 2)
|
# define PR_SPEC_DISABLE (1UL << 2)
|
||||||
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||||
|
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||||
|
|
||||||
/* Reset arm64 pointer authentication keys */
|
/* Reset arm64 pointer authentication keys */
|
||||||
#define PR_PAC_RESET_KEYS 54
|
#define PR_PAC_RESET_KEYS 54
|
||||||
|
|
Loading…
Reference in New Issue