On 11/20/2018 04:08 PM, Tim Chen wrote: > From: Jiri Kosina <jkosina@xxxxxxx> > > If 'prctl' mode of app2app protection from spectre_v2 is selected on > kernel command-line, we are currently applying STIBP protection to > tasks that restrict their indirect branch speculation via > > prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0); > > Let's extend this to cover also SECCOMP tasks (analogically to how we > apply SSBD protection). > > According to software guidance: > > "Setting ... STIBP ... on a logical processor prevents the predicted > targets of indirect branches on any logical processor of that core > from being controlled by software that executes (or executed > previously) on another logical processor of the same core." > > https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors > > Hence setting STIBP on a sandboxed task will prevent the task > from attacking other sibling threads or getting attacked. > > Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> > Signed-off-by: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx> > --- Will need this chunk added, which I missed in my update of Jiri's patch. Thanks. Tim diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c4d010d..d070e84 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -275,6 +275,7 @@ enum spectre_v2_app2app_cmd { { "off", SPECTRE_V2_APP2APP_CMD_NONE, false }, { "on", SPECTRE_V2_APP2APP_CMD_FORCE, true }, { "prctl", SPECTRE_V2_APP2APP_CMD_PRCTL, false }, + { "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false }, }; static void __init spec_v2_app_print_cond(const char *reason, bool secure)
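Review bot: The hunk only adds the `{ "seccomp", SPECTRE_V2_APP2APP_CMD_SECCOMP, false },` row to the command-line option table; the message says this was a missed chunk, so please confirm that the rest of the patch still defines `SPECTRE_V2_APP2APP_CMD_SECCOMP` in `enum spectre_v2_app2app_cmd` and handles it in the mode-selection switch, otherwise this table entry parses a value that is never acted on. The third column is `false`, matching "prctl" rather than "on", which means `spec_v2_app_print_cond()` will report the mode as not secure; that seems right since seccomp only protects opted-in or sandboxed tasks, but it would help to state it in the commit message. The new keyword should also be added to the `spectre_v2_app2app=` description in the kernel-parameters documentation so administrators can find it.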