On 11/20/2018 04:08 PM, Tim Chen wrote:
From: Jiri Kosina jkosina@suse.cz
If 'prctl' mode of app2app protection from spectre_v2 is selected on kernel command-line, we are currently applying STIBP protection to tasks that restrict their indirect branch speculation via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0);
Let's extend this to cover also SECCOMP tasks (analogically to how we apply SSBD protection).
According to software guidance:
"Setting ... STIBP ... on a logical processor prevents the predicted targets of indirect branches on any logical processor of that core from being controlled by software that executes (or executed previously) on another logical processor of the same core."
https://software.intel.com/security-software-guidance/insights/deep-dive-sin...
Hence setting STIBP on a sandboxed task will prevent the task from attacking other sibling threads or getting attacked.
Signed-off-by: Jiri Kosina jkosina@suse.cz
Signed-off-by: Tim Chen tim.c.chen@linux.intel.com
Will need this chunk added, which I missed in my update of Jiri's patch.
Thanks.
Tim
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c4d010d..d070e84 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -275,6 +275,7 @@ enum spectre_v2_app2app_cmd { { "off", SPECTRE_V2_APP2APP_CMD_NONE, false }, { "on", SPECTRE_V2_APP2APP_CMD_FORCE, true }, { "prctl", SPECTRE_V2_APP2APP_CMD_PRCTL, false }, + { "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false }, };
static void __init spec_v2_app_print_cond(const char *reason, bool secure)
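Review bot: the new `{ "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false }` entry only adds the command-line string mapping; it relies on SPECTRE_V2_APP2APP_CMD_SECCOMP already being a member of enum spectre_v2_app2app_cmd and on the mode-selection code handling that value (enabling STIBP for seccomp tasks the same way it does for prctl tasks, as the changelog describes), neither of which is visible in this hunk, so please confirm the enum and the handler are in the patch this chunk is being folded into, otherwise the table will not compile or the option will parse to nothing. The `secure` column is `false`, consistent with the existing "prctl" entry and differing from "on"; since the table now exposes a fourth user-visible value, the kernel command-line documentation for spectre_v2_app2app should list "seccomp" alongside off/on/prctl and state that it implies the prctl behaviour for seccomp-confined tasks.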