1*b617cfc8SThomas Gleixner=================== 2*b617cfc8SThomas GleixnerSpeculation Control 3*b617cfc8SThomas Gleixner=================== 4*b617cfc8SThomas Gleixner 5*b617cfc8SThomas GleixnerQuite some CPUs have speculation related misfeatures which are in fact 6*b617cfc8SThomas Gleixnervulnerabilites causing data leaks in various forms even accross privilege 7*b617cfc8SThomas Gleixnerdomains. 8*b617cfc8SThomas Gleixner 9*b617cfc8SThomas GleixnerThe kernel provides mitigation for such vulnerabilities in various 10*b617cfc8SThomas Gleixnerforms. Some of these mitigations are compile time configurable and some on 11*b617cfc8SThomas Gleixnerthe kernel command line. 12*b617cfc8SThomas Gleixner 13*b617cfc8SThomas GleixnerThere is also a class of mitigations which are very expensive, but they can 14*b617cfc8SThomas Gleixnerbe restricted to a certain set of processes or tasks in controlled 15*b617cfc8SThomas Gleixnerenvironments. The mechanism to control these mitigations is via 16*b617cfc8SThomas Gleixner:manpage:`prctl(2)`. 17*b617cfc8SThomas Gleixner 18*b617cfc8SThomas GleixnerThere are two prctl options which are related to this: 19*b617cfc8SThomas Gleixner 20*b617cfc8SThomas Gleixner * PR_GET_SPECULATION_CTRL 21*b617cfc8SThomas Gleixner 22*b617cfc8SThomas Gleixner * PR_SET_SPECULATION_CTRL 23*b617cfc8SThomas Gleixner 24*b617cfc8SThomas GleixnerPR_GET_SPECULATION_CTRL 25*b617cfc8SThomas Gleixner----------------------- 26*b617cfc8SThomas Gleixner 27*b617cfc8SThomas GleixnerPR_GET_SPECULATION_CTRL returns the state of the speculation misfeature 28*b617cfc8SThomas Gleixnerwhich is selected with arg2 of prctl(2). The return value uses bits 0-2 with 29*b617cfc8SThomas Gleixnerthe following meaning: 30*b617cfc8SThomas Gleixner 31*b617cfc8SThomas Gleixner==== ================ =================================================== 32*b617cfc8SThomas GleixnerBit Define Description 33*b617cfc8SThomas Gleixner==== ================ =================================================== 34*b617cfc8SThomas Gleixner0 PR_SPEC_PRCTL Mitigation can be controlled per task by 35*b617cfc8SThomas Gleixner PR_SET_SPECULATION_CTRL 36*b617cfc8SThomas Gleixner1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is 37*b617cfc8SThomas Gleixner disabled 38*b617cfc8SThomas Gleixner2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is 39*b617cfc8SThomas Gleixner enabled 40*b617cfc8SThomas Gleixner==== ================ =================================================== 41*b617cfc8SThomas Gleixner 42*b617cfc8SThomas GleixnerIf all bits are 0 the CPU is not affected by the speculation misfeature. 43*b617cfc8SThomas Gleixner 44*b617cfc8SThomas GleixnerIf PR_SPEC_PRCTL is set, then the per task control of the mitigation is 45*b617cfc8SThomas Gleixneravailable. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation 46*b617cfc8SThomas Gleixnermisfeature will fail. 47*b617cfc8SThomas Gleixner 48*b617cfc8SThomas GleixnerPR_SET_SPECULATION_CTRL 49*b617cfc8SThomas Gleixner----------------------- 50*b617cfc8SThomas GleixnerPR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which 51*b617cfc8SThomas Gleixneris selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand 52*b617cfc8SThomas Gleixnerin the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE. 53*b617cfc8SThomas Gleixner 54*b617cfc8SThomas GleixnerCommon error codes 55*b617cfc8SThomas Gleixner------------------ 56*b617cfc8SThomas Gleixner======= ================================================================= 57*b617cfc8SThomas GleixnerValue Meaning 58*b617cfc8SThomas Gleixner======= ================================================================= 59*b617cfc8SThomas GleixnerEINVAL The prctl is not implemented by the architecture or unused 60*b617cfc8SThomas Gleixner prctl(2) arguments are not 0 61*b617cfc8SThomas Gleixner 62*b617cfc8SThomas GleixnerENODEV arg2 is selecting a not supported speculation misfeature 63*b617cfc8SThomas Gleixner======= ================================================================= 64*b617cfc8SThomas Gleixner 65*b617cfc8SThomas GleixnerPR_SET_SPECULATION_CTRL error codes 66*b617cfc8SThomas Gleixner----------------------------------- 67*b617cfc8SThomas Gleixner======= ================================================================= 68*b617cfc8SThomas GleixnerValue Meaning 69*b617cfc8SThomas Gleixner======= ================================================================= 70*b617cfc8SThomas Gleixner0 Success 71*b617cfc8SThomas Gleixner 72*b617cfc8SThomas GleixnerERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor 73*b617cfc8SThomas Gleixner PR_SPEC_DISABLE 74*b617cfc8SThomas Gleixner 75*b617cfc8SThomas GleixnerENXIO Control of the selected speculation misfeature is not possible. 76*b617cfc8SThomas Gleixner See PR_GET_SPECULATION_CTRL. 77*b617cfc8SThomas Gleixner======= ================================================================= 78*b617cfc8SThomas Gleixner 79*b617cfc8SThomas GleixnerSpeculation misfeature controls 80*b617cfc8SThomas Gleixner------------------------------- 81*b617cfc8SThomas Gleixner- PR_SPEC_STORE_BYPASS: Speculative Store Bypass 82*b617cfc8SThomas Gleixner 83*b617cfc8SThomas Gleixner Invocations: 84*b617cfc8SThomas Gleixner * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); 85*b617cfc8SThomas Gleixner * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); 86*b617cfc8SThomas Gleixner * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); 87