From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from userp2120.oracle.com ([156.151.31.85]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fE8We-0002uh-Os for speck@linutronix.de; Thu, 03 May 2018 09:19:37 +0200 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w437GUhr152154 for ; Thu, 3 May 2018 07:19:29 GMT Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2120.oracle.com with ESMTP id 2hmhmfr5qv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 03 May 2018 07:19:29 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w437JSFE010587 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 3 May 2018 07:19:29 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w437JSTA008683 for ; Thu, 3 May 2018 07:19:28 GMT Date: Thu, 3 May 2018 03:19:27 -0400 From: Konrad Rzeszutek Wilk Subject: [MODERATED] Re: [patch V11 14/16] SSB 14 Message-ID: <20180503071927.GB30144@char.us.oracle.com> References: <20180502215102.192655950@linutronix.de> <20180502215417.260586111@linutronix.de> MIME-Version: 1.0 In-Reply-To: <20180502215417.260586111@linutronix.de> Content-Type: multipart/mixed; boundary="uAKRQypu60I7Lcqm" Content-Disposition: inline To: speck@linutronix.de List-ID: --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > The first supported controlable speculation misfeature is > PR_SPEC_STORE_BYPASS. Add the define so this can be shared between > architectures. > > TODO: Write a man prctl(2) patch. I think you can delete that? I wrote the patch to it - do you want to include it in your patchset? See attached and inline >From 12805eeaf003b99993805c01613a5897355ee12a Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Mon, 30 Apr 2018 13:25:20 -0400 Subject: [PATCH] SSB MANPAGE #1 prctl.2: PR_[SET|GET]_SPECULATION_CTRL field. Signed-off-by: Konrad Rzeszutek Wilk --- v8: New patch v9: s/EUCLEAN/EINVAL/ Also add section in PR_SET_SPECULATION_CTRL about arg[4,5] being zero. --- man2/prctl.2 | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/man2/prctl.2 b/man2/prctl.2 index 54764d881..3614ff4b6 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -1008,6 +1008,88 @@ the "securebits" flags of the calling thread. See .BR capabilities (7). .TP +.BR PR_GET_SPECULATION_CTRL +Returns the state of the speculation misfeature which is selected with +the value of +.IR arg2 , +which must be +.B PR_SPEC_STORE_BYPASS. +Otherwise the call fails with the error +.BR ENODEV . +The return value uses bit 0-2 with the following meaning: +.RS +.TP +.BR PR_SPEC_PRCTL +Mitigation can be controlled per task by +.B PR_SET_SPECULATION_CTRL +.TP +.BR PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.BR PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled +.RE +.IP +If all bits are +.B 0 +then the CPU is not affected by the speculation misfeature. +.IP +If +.B PR_SPEC_PRCTL +is set, then the per task control of the mitigation is available. If not set, +.B prctl() +for the speculation misfeature will fail. +In the above operation +.I arg3 +, +.I arg4, +and +.I arg5 +must be specified as 0, otherwise the call fails with the error +.BR EINVAL. +.TP +.BR PR_SET_SPECULATION_CTRL +Sets the state of the speculation misfeature which is selected with +the value of +.IR arg2 , +which must be +.B PR_SPEC_STORE_BYPASS. +Otherwise the call fails with the error +.BR ENODEV . +This control is per task. The +.IR arg3 +is used to hand in the control value, which can be either: +.RS +.TP +.BR PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.BR PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled +.RE +.IP +Any other value in +.IR arg3 +will result in the call failure with the error +.BR ERANGE . +Also +.I arg4, +and +.I arg5 +must be specified as 0, otherwise the call fails with ethe rror +.BR EINVAL. +.IP +Furtheremore this speculation feature can also be controlled by the boot-time +parameter of +.B +spec_store_bypass_disable= +Which could enforce a read-only policy which will result in the call failure +with the error +.BR ENXIO . +Consult the +.B PR_GET_SPECULATION_CTRL +for details on the possible enumerations. +.TP .BR PR_SET_THP_DISABLE " (since Linux 3.15)" .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52 Set the state of the "THP disable" flag for the calling thread. @@ -1501,6 +1583,12 @@ and .IR arg3 does not specify a valid capability. .TP +.B ENODEV +.I option +was +.BR PR_SET_SPECULATION_CTRL +the kernel or CPU does not support the requested speculation misfeature. +.TP .B ENXIO .I option was @@ -1510,6 +1598,15 @@ or and the kernel or the CPU does not support MPX management. Check that the kernel and processor have MPX support. .TP +.B ENXIO +.I option +was +.BR PR_SET_SPECULATION_CTRL +implies that the control of the selected speculation misfeature is not possible. +See +.BR PR_GET_SPECULATION_CTRL +for the bit fields to determine which option is available. +.TP .B EOPNOTSUPP .I option is @@ -1570,6 +1667,28 @@ is not present in the process's permitted and inheritable capability sets, or the .B PR_CAP_AMBIENT_LOWER securebit has been set. +.TP +.B ERANGE +.I option +was +.BR PR_SET_SPECULATION_CTRL +and +.IR arg3 +is incorrect - neither +.B PR_SPEC_ENABLE +nor +.B PR_SPEC_DISABLE +. +.TP +.B EINVAL +.I option +was +.BR PR_GET_SPECULATION_CTRL +or +.BR PR_SET_SPECULATION_CTRL +and unused arguments to +.B prctl() +are not 0. .SH VERSIONS The .BR prctl () -- 2.13.4 --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-SSB-MANPAGE-1.patch" >From 12805eeaf003b99993805c01613a5897355ee12a Mon Sep 17 00:00:00 2001 From: Konrad Rzeszutek Wilk Date: Mon, 30 Apr 2018 13:25:20 -0400 Subject: [PATCH] SSB MANPAGE #1 prctl.2: PR_[SET|GET]_SPECULATION_CTRL field. Signed-off-by: Konrad Rzeszutek Wilk --- v8: New patch v9: s/EUCLEAN/EINVAL/ Also add section in PR_SET_SPECULATION_CTRL about arg[4,5] being zero. --- man2/prctl.2 | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/man2/prctl.2 b/man2/prctl.2 index 54764d881..3614ff4b6 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -1008,6 +1008,88 @@ the "securebits" flags of the calling thread. See .BR capabilities (7). .TP +.BR PR_GET_SPECULATION_CTRL +Returns the state of the speculation misfeature which is selected with +the value of +.IR arg2 , +which must be +.B PR_SPEC_STORE_BYPASS. +Otherwise the call fails with the error +.BR ENODEV . +The return value uses bit 0-2 with the following meaning: +.RS +.TP +.BR PR_SPEC_PRCTL +Mitigation can be controlled per task by +.B PR_SET_SPECULATION_CTRL +.TP +.BR PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.BR PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled +.RE +.IP +If all bits are +.B 0 +then the CPU is not affected by the speculation misfeature. +.IP +If +.B PR_SPEC_PRCTL +is set, then the per task control of the mitigation is available. If not set, +.B prctl() +for the speculation misfeature will fail. +In the above operation +.I arg3 +, +.I arg4, +and +.I arg5 +must be specified as 0, otherwise the call fails with the error +.BR EINVAL. +.TP +.BR PR_SET_SPECULATION_CTRL +Sets the state of the speculation misfeature which is selected with +the value of +.IR arg2 , +which must be +.B PR_SPEC_STORE_BYPASS. +Otherwise the call fails with the error +.BR ENODEV . +This control is per task. The +.IR arg3 +is used to hand in the control value, which can be either: +.RS +.TP +.BR PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.BR PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled +.RE +.IP +Any other value in +.IR arg3 +will result in the call failure with the error +.BR ERANGE . +Also +.I arg4, +and +.I arg5 +must be specified as 0, otherwise the call fails with ethe rror +.BR EINVAL. +.IP +Furtheremore this speculation feature can also be controlled by the boot-time +parameter of +.B +spec_store_bypass_disable= +Which could enforce a read-only policy which will result in the call failure +with the error +.BR ENXIO . +Consult the +.B PR_GET_SPECULATION_CTRL +for details on the possible enumerations. +.TP .BR PR_SET_THP_DISABLE " (since Linux 3.15)" .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52 Set the state of the "THP disable" flag for the calling thread. @@ -1501,6 +1583,12 @@ and .IR arg3 does not specify a valid capability. .TP +.B ENODEV +.I option +was +.BR PR_SET_SPECULATION_CTRL +the kernel or CPU does not support the requested speculation misfeature. +.TP .B ENXIO .I option was @@ -1510,6 +1598,15 @@ or and the kernel or the CPU does not support MPX management. Check that the kernel and processor have MPX support. .TP +.B ENXIO +.I option +was +.BR PR_SET_SPECULATION_CTRL +implies that the control of the selected speculation misfeature is not possible. +See +.BR PR_GET_SPECULATION_CTRL +for the bit fields to determine which option is available. +.TP .B EOPNOTSUPP .I option is @@ -1570,6 +1667,28 @@ is not present in the process's permitted and inheritable capability sets, or the .B PR_CAP_AMBIENT_LOWER securebit has been set. +.TP +.B ERANGE +.I option +was +.BR PR_SET_SPECULATION_CTRL +and +.IR arg3 +is incorrect - neither +.B PR_SPEC_ENABLE +nor +.B PR_SPEC_DISABLE +. +.TP +.B EINVAL +.I option +was +.BR PR_GET_SPECULATION_CTRL +or +.BR PR_SET_SPECULATION_CTRL +and unused arguments to +.B prctl() +are not 0. .SH VERSIONS The .BR prctl () -- 2.13.4 --uAKRQypu60I7Lcqm--