diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0055-seccomp-Move-speculation-migitation-control-to-arch-.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0055-seccomp-Move-speculation-migitation-control-to-arch-.patch | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0055-seccomp-Move-speculation-migitation-control-to-arch-.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0055-seccomp-Move-speculation-migitation-control-to-arch-.patch new file mode 100644 index 00000000..ca98b862 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0055-seccomp-Move-speculation-migitation-control-to-arch-.patch @@ -0,0 +1,121 @@ +From 2a4ae48837c977605ea36a01ed63fa8638e4c881 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner <tglx@linutronix.de> +Date: Fri, 4 May 2018 15:12:06 +0200 +Subject: [PATCH 55/93] seccomp: Move speculation migitation control to arch + code + +commit 8bf37d8c067bb7eb8e7c381bdadf9bd89182b6bc upstream + +The migitation control is simpler to implement in architecture code as it +avoids the extra function call to check the mode. Aside of that having an +explicit seccomp enabled mode in the architecture mitigations would require +even more workarounds. + +Move it into architecture code and provide a weak function in the seccomp +code. Remove the 'which' argument as this allows the architecture to decide +which mitigations are relevant for seccomp. + +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++----------- + include/linux/nospec.h | 2 ++ + kernel/seccomp.c | 15 ++------------- + 3 files changed, 22 insertions(+), 24 deletions(-) + +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index fdbd8e5..131617d 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -568,6 +568,24 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) + return 0; + } + ++int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, ++ unsigned long ctrl) ++{ ++ switch (which) { ++ case PR_SPEC_STORE_BYPASS: ++ return ssb_prctl_set(task, ctrl); ++ default: ++ return -ENODEV; ++ } ++} ++ ++#ifdef CONFIG_SECCOMP ++void arch_seccomp_spec_mitigate(struct task_struct *task) ++{ ++ ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); ++} ++#endif ++ + static int ssb_prctl_get(struct task_struct *task) + { + switch (ssb_mode) { +@@ -586,17 +604,6 @@ static int ssb_prctl_get(struct task_struct *task) + } + } + +-int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, +- unsigned long ctrl) +-{ +- switch (which) { +- case PR_SPEC_STORE_BYPASS: +- return ssb_prctl_set(task, ctrl); +- default: +- return -ENODEV; +- } +-} +- + int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) + { + switch (which) { +diff --git a/include/linux/nospec.h b/include/linux/nospec.h +index a908c95..0c5ef54 100644 +--- a/include/linux/nospec.h ++++ b/include/linux/nospec.h +@@ -62,5 +62,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which); + int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, + unsigned long ctrl); ++/* Speculation control for seccomp enforced mitigation */ ++void arch_seccomp_spec_mitigate(struct task_struct *task); + + #endif /* _LINUX_NOSPEC_H */ +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 62a60e7..3975856 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -216,18 +216,7 @@ static inline bool seccomp_may_assign_mode(unsigned long seccomp_mode) + return true; + } + +-/* +- * If a given speculation mitigation is opt-in (prctl()-controlled), +- * select it, by disabling speculation (enabling mitigation). +- */ +-static inline void spec_mitigate(struct task_struct *task, +- unsigned long which) +-{ +- int state = arch_prctl_spec_ctrl_get(task, which); +- +- if (state > 0 && (state & PR_SPEC_PRCTL)) +- arch_prctl_spec_ctrl_set(task, which, PR_SPEC_FORCE_DISABLE); +-} ++void __weak arch_seccomp_spec_mitigate(struct task_struct *task) { } + + static inline void seccomp_assign_mode(struct task_struct *task, + unsigned long seccomp_mode, +@@ -243,7 +232,7 @@ static inline void seccomp_assign_mode(struct task_struct *task, + smp_mb__before_atomic(); + /* Assume default seccomp processes want spec flaw mitigation. */ + if ((flags & SECCOMP_FILTER_FLAG_SPEC_ALLOW) == 0) +- spec_mitigate(task, PR_SPEC_STORE_BYPASS); ++ arch_seccomp_spec_mitigate(task); + set_tsk_thread_flag(task, TIF_SECCOMP); + } + +-- +2.7.4 + |