===================
Speculation Control
===================

Quite a few CPUs have speculation-related misfeatures which are in
fact vulnerabilities causing data leaks in various forms even across
privilege domains.

The kernel provides mitigation for such vulnerabilities in various
forms. Some of these mitigations are compile-time configurable and some
can be supplied on the kernel command line.

There is also a class of mitigations which are very expensive, but they can
be restricted to a certain set of processes or tasks in controlled
environments. The mechanism to control these mitigations is via
:manpage:`prctl(2)`.

There are two prctl options which are related to this:

 * PR_GET_SPECULATION_CTRL

 * PR_SET_SPECULATION_CTRL

PR_GET_SPECULATION_CTRL
-----------------------

PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
the following meaning:

==== ====================== ==================================================
Bit  Define                 Description
==== ====================== ==================================================
0    PR_SPEC_PRCTL          Mitigation can be controlled per task by
                            PR_SET_SPECULATION_CTRL.
1    PR_SPEC_ENABLE         The speculation feature is enabled, mitigation is
                            disabled.
2    PR_SPEC_DISABLE        The speculation feature is disabled, mitigation is
                            enabled.
3    PR_SPEC_FORCE_DISABLE  Same as PR_SPEC_DISABLE, but cannot be undone. A
                            subsequent prctl(..., PR_SPEC_ENABLE) will fail.
4    PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be
                            cleared on :manpage:`execve(2)`.
==== ====================== ==================================================

If all bits are 0 the CPU is not affected by the speculation misfeature.

If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.

.. _set_spec_ctrl:

PR_SET_SPECULATION_CTRL
-----------------------

PR_SET_SPECULATION_CTRL allows per-task control of the speculation
misfeature which is selected by arg2 of :manpage:`prctl(2)`. arg3 is used
to hand in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE
or PR_SPEC_FORCE_DISABLE.

Common error codes
------------------
======= =================================================================
Value   Meaning
======= =================================================================
EINVAL  The prctl is not implemented by the architecture or unused
        prctl(2) arguments are not 0.

ENODEV  arg2 is selecting an unsupported speculation misfeature.
======= =================================================================

PR_SET_SPECULATION_CTRL error codes
-----------------------------------
======= =================================================================
Value   Meaning
======= =================================================================
0       Success

ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.

ENXIO   Control of the selected speculation misfeature is not possible.
        See PR_GET_SPECULATION_CTRL.

EPERM   Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
        tried to enable it again.
======= =================================================================

Speculation misfeature controls
-------------------------------
- PR_SPEC_STORE_BYPASS: Speculative Store Bypass

  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0);

- PR_SPEC_INDIRECT_BRANCH: Indirect Branch Speculation in User Processes
  (Mitigate Spectre V2 style attacks against user processes)

  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
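
The following C program is an added example, not part of the kernel documentation. It queries each misfeature with PR_GET_SPECULATION_CTRL, decodes the returned bits as described in the table above, and requests PR_SPEC_FORCE_DISABLE only when per-task control is reported. The helper names ``spec_classify`` and ``spec_harden`` are hypothetical; only the PR_* constants come from ``<linux/prctl.h>``.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h> /* PR_*_SPECULATION_CTRL and PR_SPEC_* via <linux/prctl.h> */

/* Hypothetical helper names; only the PR_* constants come from the kernel. */
enum spec_action { SPEC_NOT_AFFECTED, SPEC_MITIGATED, SPEC_CAN_DISABLE, SPEC_NO_TASK_CTRL };

/* Decode a non-negative PR_GET_SPECULATION_CTRL result per the bit table. */
enum spec_action spec_classify(long state)
{
    if (state == 0)
        return SPEC_NOT_AFFECTED;   /* all bits 0: CPU not affected */
    if (state & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE))
        return SPEC_MITIGATED;      /* speculation feature already disabled */
    if (state & PR_SPEC_PRCTL)
        return SPEC_CAN_DISABLE;    /* per-task control is available */
    return SPEC_NO_TASK_CTRL;       /* a PR_SET_SPECULATION_CTRL call would fail */
}

/* Force-disable the speculation `feature` for the calling task when needed.
 * Returns 0 if mitigated or not affected, else a negative errno value. */
int spec_harden(unsigned long feature)
{
    long state = prctl(PR_GET_SPECULATION_CTRL, feature, 0UL, 0UL, 0UL);
    if (state < 0)
        return -errno;              /* EINVAL or ENODEV, see common error codes */
    enum spec_action act = spec_classify(state);
    if (act == SPEC_NO_TASK_CTRL)
        return -ENXIO;              /* same code the SET call documents for this */
    if (act == SPEC_CAN_DISABLE &&
        prctl(PR_SET_SPECULATION_CTRL, feature, PR_SPEC_FORCE_DISABLE, 0UL, 0UL) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    unsigned long features[] = { PR_SPEC_STORE_BYPASS, PR_SPEC_INDIRECT_BRANCH };
    for (int i = 0; i < 2; i++) {
        int rc = spec_harden(features[i]);
        printf("misfeature %lu: %s\n", features[i],
               rc ? strerror(-rc) : "mitigated or not affected");
    }
    return 0;
}
```

Because PR_SPEC_FORCE_DISABLE cannot be undone, a later PR_SPEC_ENABLE request from the same task fails with EPERM.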