1 =================== 2 Speculation Control 3 =================== 4 5 Quite some CPUs have speculation-related misfeatures which are in 6 fact vulnerabilities causing data leaks in various forms even across 7 privilege domains. 8 9 The kernel provides mitigation for such vulnerabilities in various 10 forms. Some of these mitigations are compile-time configurable and some 11 can be supplied on the kernel command line. 12 13 There is also a class of mitigations which are very expensive, but they can 14 be restricted to a certain set of processes or tasks in controlled 15 environments. The mechanism to control these mitigations is via 16 :manpage:`prctl(2)`. 17 18 There are two prctl options which are related to this: 19 20 * PR_GET_SPECULATION_CTRL 21 22 * PR_SET_SPECULATION_CTRL 23 24 PR_GET_SPECULATION_CTRL 25 ----------------------- 26 27 PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature 28 which is selected with arg2 of prctl(2). The return value uses bits 0-3 with 29 the following meaning: 30 31 ==== ====================== ================================================== 32 Bit Define Description 33 ==== ====================== ================================================== 34 0 PR_SPEC_PRCTL Mitigation can be controlled per task by 35 PR_SET_SPECULATION_CTRL. 36 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is 37 disabled. 38 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is 39 enabled. 40 3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A 41 subsequent prctl(..., PR_SPEC_ENABLE) will fail. 42 4 PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be 43 cleared on :manpage:`execve(2)`. 44 ==== ====================== ================================================== 45 46 If all bits are 0 the CPU is not affected by the speculation misfeature. 47 48 If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is 49 available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation 50 misfeature will fail. 51 52 .. _set_spec_ctrl: 53 54 PR_SET_SPECULATION_CTRL 55 ----------------------- 56 57 PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which 58 is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand 59 in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or 60 PR_SPEC_FORCE_DISABLE. 61 62 Common error codes 63 ------------------ 64 ======= ================================================================= 65 Value Meaning 66 ======= ================================================================= 67 EINVAL The prctl is not implemented by the architecture or unused 68 prctl(2) arguments are not 0. 69 70 ENODEV arg2 is selecting a not supported speculation misfeature. 71 ======= ================================================================= 72 73 PR_SET_SPECULATION_CTRL error codes 74 ----------------------------------- 75 ======= ================================================================= 76 Value Meaning 77 ======= ================================================================= 78 0 Success 79 80 ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor 81 PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE. 82 83 ENXIO Control of the selected speculation misfeature is not possible. 84 See PR_GET_SPECULATION_CTRL. 85 86 EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller 87 tried to enable it again. 88 ======= ================================================================= 89 90 Speculation misfeature controls 91 ------------------------------- 92 - PR_SPEC_STORE_BYPASS: Speculative Store Bypass 93 94 Invocations: 95 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); 96 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); 97 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); 98 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); 99 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0); 100 101 - PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes 102 (Mitigate Spectre V2 style attacks against user processes) 103 104 Invocations: 105 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); 106 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); 107 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); 108 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); 109 110 - PR_SPEC_L1D_FLUSH: Flush L1D Cache on context switch out of the task 111 (works only when tasks run on non SMT cores) 112 113 Invocations: 114 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, 0, 0, 0); 115 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_ENABLE, 0, 0); 116 * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_DISABLE, 0, 0);
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.