diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0044-prctl-Add-speculation-control-prctls.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0044-prctl-Add-speculation-control-prctls.patch | 239 |
1 files changed, 0 insertions, 239 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0044-prctl-Add-speculation-control-prctls.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0044-prctl-Add-speculation-control-prctls.patch deleted file mode 100644 index 1baf848c..00000000 --- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0044-prctl-Add-speculation-control-prctls.patch +++ /dev/null @@ -1,239 +0,0 @@ -From 93715f38b4419faa4f84a9bb536f11d89c5c7427 Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Sun, 29 Apr 2018 15:20:11 +0200 -Subject: [PATCH 44/93] prctl: Add speculation control prctls - -commit b617cfc858161140d69cc0b5cc211996b557a1c7 upstream - -Add two new prctls to control aspects of speculation related vulnerabilites -and their mitigations to provide finer grained control over performance -impacting mitigations. - -PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature -which is selected with arg2 of prctl(2). The return value uses bit 0-2 with -the following meaning: - -Bit Define Description -0 PR_SPEC_PRCTL Mitigation can be controlled per task by - PR_SET_SPECULATION_CTRL -1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is - disabled -2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is - enabled - -If all bits are 0 the CPU is not affected by the speculation misfeature. - -If PR_SPEC_PRCTL is set, then the per task control of the mitigation is -available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation -misfeature will fail. - -PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which -is selected by arg2 of prctl(2) per task. arg3 is used to hand in the -control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE. - -The common return values are: - -EINVAL prctl is not implemented by the architecture or the unused prctl() - arguments are not 0 -ENODEV arg2 is selecting a not supported speculation misfeature - -PR_SET_SPECULATION_CTRL has these additional return values: - -ERANGE arg3 is incorrect, i.e. it's not either PR_SPEC_ENABLE or PR_SPEC_DISABLE -ENXIO prctl control of the selected speculation misfeature is disabled - -The first supported controlable speculation misfeature is -PR_SPEC_STORE_BYPASS. Add the define so this can be shared between -architectures. - -Based on an initial patch from Tim Chen and mostly rewritten. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Reviewed-by: Ingo Molnar <mingo@kernel.org> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> -Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - Documentation/spec_ctrl.txt | 86 +++++++++++++++++++++++++++++++++++++++++++++ - include/linux/nospec.h | 5 +++ - include/uapi/linux/prctl.h | 11 ++++++ - kernel/sys.c | 22 ++++++++++++ - 4 files changed, 124 insertions(+) - create mode 100644 Documentation/spec_ctrl.txt - -diff --git a/Documentation/spec_ctrl.txt b/Documentation/spec_ctrl.txt -new file mode 100644 -index 0000000..ddbebcd ---- /dev/null -+++ b/Documentation/spec_ctrl.txt -@@ -0,0 +1,86 @@ -+=================== -+Speculation Control -+=================== -+ -+Quite some CPUs have speculation related misfeatures which are in fact -+vulnerabilites causing data leaks in various forms even accross privilege -+domains. -+ -+The kernel provides mitigation for such vulnerabilities in various -+forms. Some of these mitigations are compile time configurable and some on -+the kernel command line. -+ -+There is also a class of mitigations which are very expensive, but they can -+be restricted to a certain set of processes or tasks in controlled -+environments. The mechanism to control these mitigations is via -+:manpage:`prctl(2)`. -+ -+There are two prctl options which are related to this: -+ -+ * PR_GET_SPECULATION_CTRL -+ -+ * PR_SET_SPECULATION_CTRL -+ -+PR_GET_SPECULATION_CTRL -+----------------------- -+ -+PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature -+which is selected with arg2 of prctl(2). The return value uses bits 0-2 with -+the following meaning: -+ -+==== ================ =================================================== -+Bit Define Description -+==== ================ =================================================== -+0 PR_SPEC_PRCTL Mitigation can be controlled per task by -+ PR_SET_SPECULATION_CTRL -+1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is -+ disabled -+2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is -+ enabled -+==== ================ =================================================== -+ -+If all bits are 0 the CPU is not affected by the speculation misfeature. -+ -+If PR_SPEC_PRCTL is set, then the per task control of the mitigation is -+available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation -+misfeature will fail. -+ -+PR_SET_SPECULATION_CTRL -+----------------------- -+PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which -+is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand -+in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE. -+ -+Common error codes -+------------------ -+======= ================================================================= -+Value Meaning -+======= ================================================================= -+EINVAL The prctl is not implemented by the architecture or unused -+ prctl(2) arguments are not 0 -+ -+ENODEV arg2 is selecting a not supported speculation misfeature -+======= ================================================================= -+ -+PR_SET_SPECULATION_CTRL error codes -+----------------------------------- -+======= ================================================================= -+Value Meaning -+======= ================================================================= -+0 Success -+ -+ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor -+ PR_SPEC_DISABLE -+ -+ENXIO Control of the selected speculation misfeature is not possible. -+ See PR_GET_SPECULATION_CTRL. -+======= ================================================================= -+ -+Speculation misfeature controls -+------------------------------- -+- PR_SPEC_STORE_BYPASS: Speculative Store Bypass -+ -+ Invocations: -+ * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); -+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); -+ * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); -diff --git a/include/linux/nospec.h b/include/linux/nospec.h -index e791ebc..700bb8a 100644 ---- a/include/linux/nospec.h -+++ b/include/linux/nospec.h -@@ -55,4 +55,9 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, - \ - (typeof(_i)) (_i & _mask); \ - }) -+ -+/* Speculation control prctl */ -+int arch_prctl_spec_ctrl_get(unsigned long which); -+int arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl); -+ - #endif /* _LINUX_NOSPEC_H */ -diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h -index a8d0759..3b316be 100644 ---- a/include/uapi/linux/prctl.h -+++ b/include/uapi/linux/prctl.h -@@ -197,4 +197,15 @@ struct prctl_mm_map { - # define PR_CAP_AMBIENT_LOWER 3 - # define PR_CAP_AMBIENT_CLEAR_ALL 4 - -+/* Per task speculation control */ -+#define PR_GET_SPECULATION_CTRL 52 -+#define PR_SET_SPECULATION_CTRL 53 -+/* Speculation control variants */ -+# define PR_SPEC_STORE_BYPASS 0 -+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ -+# define PR_SPEC_NOT_AFFECTED 0 -+# define PR_SPEC_PRCTL (1UL << 0) -+# define PR_SPEC_ENABLE (1UL << 1) -+# define PR_SPEC_DISABLE (1UL << 2) -+ - #endif /* _LINUX_PRCTL_H */ -diff --git a/kernel/sys.c b/kernel/sys.c -index 89d5be4..312c985 100644 ---- a/kernel/sys.c -+++ b/kernel/sys.c -@@ -53,6 +53,8 @@ - #include <linux/uidgid.h> - #include <linux/cred.h> - -+#include <linux/nospec.h> -+ - #include <linux/kmsg_dump.h> - /* Move somewhere else to avoid recompiling? */ - #include <generated/utsrelease.h> -@@ -2072,6 +2074,16 @@ static int prctl_get_tid_address(struct task_struct *me, int __user **tid_addr) - } - #endif - -+int __weak arch_prctl_spec_ctrl_get(unsigned long which) -+{ -+ return -EINVAL; -+} -+ -+int __weak arch_prctl_spec_ctrl_set(unsigned long which, unsigned long ctrl) -+{ -+ return -EINVAL; -+} -+ - SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, - unsigned long, arg4, unsigned long, arg5) - { -@@ -2270,6 +2282,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, - case PR_GET_FP_MODE: - error = GET_FP_MODE(me); - break; -+ case PR_GET_SPECULATION_CTRL: -+ if (arg3 || arg4 || arg5) -+ return -EINVAL; -+ error = arch_prctl_spec_ctrl_get(arg2); -+ break; -+ case PR_SET_SPECULATION_CTRL: -+ if (arg4 || arg5) -+ return -EINVAL; -+ error = arch_prctl_spec_ctrl_set(arg2, arg3); -+ break; - default: - error = -EINVAL; - break; --- -2.7.4 - |