Re: [PATCH v12.1] prctl.2: PR_[SET|GET]_SPECULATION_CTRL

["Michael Kerrisk (man-opages)" <mtk.manpages@xxxxxxxxx>]

Hello Konrad,

On 05/22/2018 01:21 AM, Konrad Rzeszutek Wilk wrote:
> field.
>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>

Thanks. I've applied this patch, and done quite a bit of editing
Could you take a look in the Git repo, to check that I did not
make any bad edit, please?

Thanks,

Michael


> ---
> v8: New patch
> v9: s/EUCLEAN/EINVAL/
>     Also add section in PR_SET_SPECULATION_CTRL about arg[4,5] being zero.
> v12.1:
>     s/bits 0-2/bits 0-3/
>     Add PR_SPEC_FORCE_DISABLE and its EPERM return value.
> ---
>   man2/prctl.2 | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 143 insertions(+)
>
> diff --git a/man2/prctl.2 b/man2/prctl.2
> index 54764d881..87135a0b3 100644
> --- a/man2/prctl.2
> +++ b/man2/prctl.2
> @@ -1008,6 +1008,102 @@ the "securebits" flags of the calling thread.
>   See
>   .BR capabilities (7).
>   .TP
> +.BR PR_GET_SPECULATION_CTRL
> +Returns the state of the speculation misfeature which is selected with
> +the value of
> +.IR arg2 ,
> +which must be
> +.B PR_SPEC_STORE_BYPASS.
> +Otherwise the call fails with the error
> +.BR ENODEV .
> +The return value uses bit 0-3 with the following meaning:
> +.RS
> +.TP
> +.BR PR_SPEC_PRCTL
> +Mitigation can be controlled per task by
> +.B PR_SET_SPECULATION_CTRL
> +.TP
> +.BR PR_SPEC_ENABLE
> +The speculation feature is enabled, mitigation is disabled.
> +.TP
> +.BR PR_SPEC_DISABLE
> +The speculation feature is disabled, mitigation is enabled
> +.TP
> +.BR PR_SPEC_FORCE_DISABLE
> +Same as
> +.B PR_SPEC_DISABLE
> +but cannot be undone.
> +.RE
> +.IP
> +If all bits are
> +.B 0
> +then the CPU is not affected by the speculation misfeature.
> +.IP
> +If
> +.B PR_SPEC_PRCTL
> +is set, then the per task control of the mitigation is available. If not set,
> +.B prctl()
> +for the speculation misfeature will fail.
> +In the above operation
> +.I arg3
> +,
> +.I arg4,
> +and
> +.I arg5
> +must be specified as 0, otherwise the call fails with the error
> +.BR EINVAL.
> +.TP
> +.BR PR_SET_SPECULATION_CTRL
> +Sets the state of the speculation misfeature which is selected with
> +the value of
> +.IR arg2 ,
> +which must be
> +.B PR_SPEC_STORE_BYPASS.
> +Otherwise the call fails with the error
> +.BR ENODEV .
> +This control is per task. The
> +.IR arg3
> +is used to hand in the control value, which can be either:
> +.RS
> +.TP
> +.BR PR_SPEC_ENABLE
> +The speculation feature is enabled, mitigation is disabled.
> +.TP
> +.BR PR_SPEC_DISABLE
> +The speculation feature is disabled, mitigation is enabled
> +.TP
> +.BR PR_SPEC_FORCE_DISABLE
> +Same as
> +.B PR_SPEC_DISABLE
> +but cannot be undone. A subsequent
> +.B
> +prctl(..., PR_SPEC_ENABLE)
> +will fail with
> +.BR EPERM.
> +.RE
> +.IP
> +Any other value in
> +.IR arg3
> +will result in the call failure with the error
> +.BR ERANGE .
> +Also
> +.I arg4,
> +and
> +.I arg5
> +must be specified as 0, otherwise the call fails with ethe rror
> +.BR EINVAL.
> +.IP
> +Furtheremore this speculation feature can also be controlled by the boot-time
> +parameter of
> +.B
> +spec_store_bypass_disable=
> +Which could enforce a read-only policy which will result in the call failure
> +with the error
> +.BR ENXIO .
> +Consult the
> +.B PR_GET_SPECULATION_CTRL
> +for details on the possible enumerations.
> +.TP
>   .BR PR_SET_THP_DISABLE " (since Linux 3.15)"
>   .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
>   Set the state of the "THP disable" flag for the calling thread.
> @@ -1501,6 +1597,12 @@ and
>   .IR arg3
>   does not specify a valid capability.
>   .TP
> +.B ENODEV
> +.I option
> +was
> +.BR PR_SET_SPECULATION_CTRL
> +the kernel or CPU does not support the requested speculation misfeature.
> +.TP
>   .B ENXIO
>   .I option
>   was
> @@ -1510,6 +1612,15 @@ or
>   and the kernel or the CPU does not support MPX management.
>   Check that the kernel and processor have MPX support.
>   .TP
> +.B ENXIO
> +.I option
> +was
> +.BR PR_SET_SPECULATION_CTRL
> +implies that the control of the selected speculation misfeature is not possible.
> +See
> +.BR PR_GET_SPECULATION_CTRL
> +for the bit fields to determine which option is available.
> +.TP
>   .B EOPNOTSUPP
>   .I option
>   is
> @@ -1533,6 +1644,14 @@ or tried to set a flag whose corresponding locked flag was set
>   .B EPERM
>   .I option
>   is
> +.BR PR_SET_SPECULATION_CTRL
> +wherein the speculation was disabled with
> +.B PR_SPEC_FORCE_DISABLE
> +and caller tried to enable it again.
> +.TP
> +.B EPERM
> +.I option
> +is
>   .BR PR_SET_KEEPCAPS ,
>   and the caller's
>   .B SECBIT_KEEP_CAPS_LOCKED
> @@ -1570,6 +1689,30 @@ is not present in the process's permitted and inheritable capability sets,
>   or the
>   .B PR_CAP_AMBIENT_LOWER
>   securebit has been set.
> +.TP
> +.B ERANGE
> +.I option
> +was
> +.BR PR_SET_SPECULATION_CTRL
> +and
> +.IR arg3
> +is incorrect - neither
> +.B PR_SPEC_ENABLE
> +nor
> +.B PR_SPEC_DISABLE
> +nor
> +.B PR_SPEC_FORCE_DISABLE
> +was choosen
> +.TP
> +.B EINVAL
> +.I option
> +was
> +.BR PR_GET_SPECULATION_CTRL
> +or
> +.BR PR_SET_SPECULATION_CTRL
> +and unused arguments to
> +.B prctl()
> +are not 0.
>   .SH VERSIONS
>   The
>   .BR prctl ()
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html