Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0056-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0056-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch | 166 |
1 files changed, 0 insertions, 166 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0056-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0056-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
deleted file mode 100644
index 21edf610..00000000
--- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0056-x86-speculation-Make-seccomp-the-default-mode-for-Sp.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From c9379df089e45eab50820798e3e98aee3b1e5adf Mon Sep 17 00:00:00 2001
-From: Kees Cook <keescook@chromium.org>
-Date: Thu, 3 May 2018 14:37:54 -0700
-Subject: [PATCH 56/93] x86/speculation: Make "seccomp" the default mode for
- Speculative Store Bypass
-
-commit f21b53b20c754021935ea43364dbf53778eeba32 upstream
-
-Unless explicitly opted out of, anything running under seccomp will have
-SSB mitigations enabled. Choosing the "prctl" mode will disable this.
-
-[ tglx: Adjusted it to the new arch_seccomp_spec_mitigate() mechanism ]
-
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/kernel-parameters.txt | 26 +++++++++++++++++---------
- arch/x86/include/asm/nospec-branch.h | 1 +
- arch/x86/kernel/cpu/bugs.c | 32 +++++++++++++++++++++++---------
- 3 files changed, 41 insertions(+), 18 deletions(-)
-
-diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 80811df..2c5df33 100644
---- a/Documentation/kernel-parameters.txt
-+++ b/Documentation/kernel-parameters.txt
-@@ -3986,19 +3986,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
- This parameter controls whether the Speculative Store
- Bypass optimization is used.
-
-- on - Unconditionally disable Speculative Store Bypass
-- off - Unconditionally enable Speculative Store Bypass
-- auto - Kernel detects whether the CPU model contains an
-- implementation of Speculative Store Bypass and
-- picks the most appropriate mitigation.
-- prctl - Control Speculative Store Bypass per thread
-- via prctl. Speculative Store Bypass is enabled
-- for a process by default. The state of the control
-- is inherited on fork.
-+ on - Unconditionally disable Speculative Store Bypass
-+ off - Unconditionally enable Speculative Store Bypass
-+ auto - Kernel detects whether the CPU model contains an
-+ implementation of Speculative Store Bypass and
-+ picks the most appropriate mitigation. If the
-+ CPU is not vulnerable, "off" is selected. If the
-+ CPU is vulnerable the default mitigation is
-+ architecture and Kconfig dependent. See below.
-+ prctl - Control Speculative Store Bypass per thread
-+ via prctl. Speculative Store Bypass is enabled
-+ for a process by default. The state of the control
-+ is inherited on fork.
-+ seccomp - Same as "prctl" above, but all seccomp threads
-+ will disable SSB unless they explicitly opt out.
-
- Not specifying this option is equivalent to
- spec_store_bypass_disable=auto.
-
-+ Default mitigations:
-+ X86: If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"
-+
- spia_io_base= [HW,MTD]
- spia_fio_base=
- spia_pedr=
-diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
-index 71ad014..328ea3c 100644
---- a/arch/x86/include/asm/nospec-branch.h
-+++ b/arch/x86/include/asm/nospec-branch.h
-@@ -233,6 +233,7 @@ enum ssb_mitigation {
- SPEC_STORE_BYPASS_NONE,
- SPEC_STORE_BYPASS_DISABLE,
- SPEC_STORE_BYPASS_PRCTL,
-+ SPEC_STORE_BYPASS_SECCOMP,
- };
-
- extern char __indirect_thunk_start[];
-diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
-index 131617d..9a3bb65 100644
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -415,22 +415,25 @@ enum ssb_mitigation_cmd {
- SPEC_STORE_BYPASS_CMD_AUTO,
- SPEC_STORE_BYPASS_CMD_ON,
- SPEC_STORE_BYPASS_CMD_PRCTL,
-+ SPEC_STORE_BYPASS_CMD_SECCOMP,
- };
-
- static const char *ssb_strings[] = {
- [SPEC_STORE_BYPASS_NONE] = "Vulnerable",
- [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled",
-- [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl"
-+ [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl",
-+ [SPEC_STORE_BYPASS_SECCOMP] = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
- };
-
- static const struct {
- const char *option;
- enum ssb_mitigation_cmd cmd;
- } ssb_mitigation_options[] = {
-- { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
-- { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */
-- { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
-- { "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */
-+ { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
-+ { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */
-+ { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
-+ { "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */
-+ { "seccomp", SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */
- };
-
- static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
-@@ -480,8 +483,15 @@ static enum ssb_mitigation_cmd __init __ssb_select_mitigation(void)
-
- switch (cmd) {
- case SPEC_STORE_BYPASS_CMD_AUTO:
-- /* Choose prctl as the default mode */
-- mode = SPEC_STORE_BYPASS_PRCTL;
-+ case SPEC_STORE_BYPASS_CMD_SECCOMP:
-+ /*
-+ * Choose prctl+seccomp as the default mode if seccomp is
-+ * enabled.
-+ */
-+ if (IS_ENABLED(CONFIG_SECCOMP))
-+ mode = SPEC_STORE_BYPASS_SECCOMP;
-+ else
-+ mode = SPEC_STORE_BYPASS_PRCTL;
- break;
- case SPEC_STORE_BYPASS_CMD_ON:
- mode = SPEC_STORE_BYPASS_DISABLE;
-@@ -529,12 +539,14 @@ static void ssb_select_mitigation()
- }
-
- #undef pr_fmt
-+#define pr_fmt(fmt) "Speculation prctl: " fmt
-
- static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
- {
- bool update;
-
-- if (ssb_mode != SPEC_STORE_BYPASS_PRCTL)
-+ if (ssb_mode != SPEC_STORE_BYPASS_PRCTL &&
-+ ssb_mode != SPEC_STORE_BYPASS_SECCOMP)
- return -ENXIO;
-
- switch (ctrl) {
-@@ -582,7 +594,8 @@ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
- #ifdef CONFIG_SECCOMP
- void arch_seccomp_spec_mitigate(struct task_struct *task)
- {
-- ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
-+ if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
-+ ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
- }
- #endif
-
-@@ -591,6 +604,7 @@ static int ssb_prctl_get(struct task_struct *task)
- switch (ssb_mode) {
- case SPEC_STORE_BYPASS_DISABLE:
- return PR_SPEC_DISABLE;
-+ case SPEC_STORE_BYPASS_SECCOMP:
- case SPEC_STORE_BYPASS_PRCTL:
- if (task_spec_ssb_force_disable(task))
- return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
--- 
-2.7.4
-
|