1=================== 2Speculation Control 3=================== 4 5Quite some CPUs have speculation-related misfeatures which are in 6fact vulnerabilities causing data leaks in various forms even across 7privilege domains. 8 9The kernel provides mitigation for such vulnerabilities in various 10forms. Some of these mitigations are compile-time configurable and some 11can be supplied on the kernel command line. 12 13There is also a class of mitigations which are very expensive, but they can 14be restricted to a certain set of processes or tasks in controlled 15environments. The mechanism to control these mitigations is via 16:manpage:`prctl(2)`. 17 18There are two prctl options which are related to this: 19 20 * PR_GET_SPECULATION_CTRL 21 22 * PR_SET_SPECULATION_CTRL 23 24PR_GET_SPECULATION_CTRL 25----------------------- 26 27PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature 28which is selected with arg2 of prctl(2). The return value uses bits 0-3 with 29the following meaning: 30 31==== ====================== ================================================== 32Bit Define Description 33==== ====================== ================================================== 340 PR_SPEC_PRCTL Mitigation can be controlled per task by 35 PR_SET_SPECULATION_CTRL. 361 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is 37 disabled. 382 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is 39 enabled. 403 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A 41 subsequent prctl(..., PR_SPEC_ENABLE) will fail. 424 PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be 43 cleared on :manpage:`execve(2)`. 44==== ====================== ================================================== 45 46If all bits are 0 the CPU is not affected by the speculation misfeature. 47 48If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is 49available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation 50misfeature will fail. 51 52PR_SET_SPECULATION_CTRL 53----------------------- 54 55PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which 56is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand 57in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or 58PR_SPEC_FORCE_DISABLE. 59 60Common error codes 61------------------ 62======= ================================================================= 63Value Meaning 64======= ================================================================= 65EINVAL The prctl is not implemented by the architecture or unused 66 prctl(2) arguments are not 0. 67 68ENODEV arg2 is selecting a not supported speculation misfeature. 69======= ================================================================= 70 71PR_SET_SPECULATION_CTRL error codes 72----------------------------------- 73======= ================================================================= 74Value Meaning 75======= ================================================================= 760 Success 77 78ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor 79 PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE. 80 81ENXIO Control of the selected speculation misfeature is not possible. 82 See PR_GET_SPECULATION_CTRL. 83 84EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller 85 tried to enable it again. 86======= ================================================================= 87 88Speculation misfeature controls 89------------------------------- 90- PR_SPEC_STORE_BYPASS: Speculative Store Bypass 91 92 Invocations: 93 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); 94 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); 95 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); 96 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); 97 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0); 98 99- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes 100 (Mitigate Spectre V2 style attacks against user processes) 101 102 Invocations: 103 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); 104 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); 105 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); 106 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); 107