RE: [PATCH] x86/speculation: Check whether speculation is force disabled

Thu, 04 Jun 2020 00:30:38 -0700 

>It conflicts with your new code. We can have an argument on whether IB should 
>follow how SSB is being handled. Before that is settled,

Thank you for the information.
It conflicts but I think users who read the below document get confused.
Documentation/userspace-api/spec_ctrl.rst.

Especially, seccomp users must know the difference of this implicit 
specification
because both IB and SSB are force disabled simultaneously when seccomp is 
enabled
without SECCOMP_FILTER_FLAG_SPEC_ALLOW on x86.

-----Original Message-----
From: Waiman Long <long...@redhat.com> 
Sent: Thursday, June 4, 2020 12:40 AM
To: Tada, Kenta (Sony) <kenta.t...@sony.com>; x...@kernel.org; 
t...@linutronix.de; mi...@redhat.com; b...@alien8.de; h...@zytor.com; 
jpoim...@redhat.com; pet...@infradead.org; tony.l...@intel.com; 
pawan.kumar.gu...@linux.intel.com
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/speculation: Check whether speculation is force 
disabled

On 6/3/20 3:12 AM, Tada, Kenta (Sony) wrote:
> Once PR_SPEC_FORCE_DISABLE is set, users cannot set PR_SPEC_ENABLE.
> This commit checks whether PR_SPEC_FORCE_DISABLE was previously set.
>
> Signed-off-by: Kenta Tada <kenta.t...@sony.com>
> ---
>   arch/x86/kernel/cpu/bugs.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c 
> index ed54b3b21c39..678ace157035 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -1173,6 +1173,9 @@ static int ib_prctl_set(struct task_struct *task, 
> unsigned long ctrl)
>               if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
>                   spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
>                       return -EPERM;
> +             /* If speculation is force disabled, enable is not allowed */
> +             if (task_spec_ib_force_disable(task))
> +                     return -EPERM;
>               task_clear_spec_ib_disable(task);
>               task_update_spec_tif(task);
>               break;

There is a comment up a few lines about this:

                 /*
                  * Indirect branch speculation is always allowed when
                  * mitigation is force disabled.
                  */
It conflicts with your new code. We can have an argument on whether IB should 
follow how SSB is being handled. Before that is settled,

Nacked-by: Waiman Long <long...@redhat.com>

Reply via email to