On Tue, Nov 20, 2018 at 02:28:14PM -0800, Paul E. McKenney wrote:
> On Tue, Nov 20, 2018 at 12:42:43PM -0800, Joel Fernandes wrote:
> > On Sun, Nov 11, 2018 at 10:36:18AM -0800, Paul E. McKenney wrote:
> > > On Sun, Nov 11, 2018 at 10:09:16AM -0800, Joel Fernandes wrote:
> > > > On Sat, Nov 10,
On Tue, Nov 20, 2018 at 02:28:14PM -0800, Paul E. McKenney wrote:
> On Tue, Nov 20, 2018 at 12:42:43PM -0800, Joel Fernandes wrote:
> > On Sun, Nov 11, 2018 at 10:36:18AM -0800, Paul E. McKenney wrote:
> > > On Sun, Nov 11, 2018 at 10:09:16AM -0800, Joel Fernandes wrote:
> > > > On Sat, Nov 10,
Hi, Viresh
Best Regards!
Anson Huang
> -Original Message-
> From: Viresh Kumar [mailto:viresh.ku...@linaro.org]
> Sent: 2018年11月20日 18:49
> To: Anson Huang
> Cc: Zhang Rui ; Eduardo Valentin
> ; Linux PM list ; Linux
> Kernel Mailing List ; dl-linux-imx
>
> Subject: Re: [PATCH]
Hi, Viresh
Best Regards!
Anson Huang
> -Original Message-
> From: Viresh Kumar [mailto:viresh.ku...@linaro.org]
> Sent: 2018年11月20日 18:49
> To: Anson Huang
> Cc: Zhang Rui ; Eduardo Valentin
> ; Linux PM list ; Linux
> Kernel Mailing List ; dl-linux-imx
>
> Subject: Re: [PATCH]
The thermal driver is a standalone driver for monitoring SoC temperature
by enabling thermal sensor, so it can be enabled even when CONFIG_CPU_FREQ
is NOT set. So remove the dependency with CPU_THERMAL.
Introduce dummy function of legacy cooling register/unregister to make
thermal driver probe
On Mon, Nov 19, 2018 at 11:16:10AM +0100, David Hildenbrand wrote:
> PG_balloon was introduced to implement page migration/compaction for pages
> inflated in virtio-balloon. Nowadays, it is only a marker that a page is
> part of virtio-balloon and therefore logically offline.
>
> We also want to
The thermal driver is a standalone driver for monitoring SoC temperature
by enabling thermal sensor, so it can be enabled even when CONFIG_CPU_FREQ
is NOT set. So remove the dependency with CPU_THERMAL.
Introduce dummy function of legacy cooling register/unregister to make
thermal driver probe
On Mon, Nov 19, 2018 at 11:16:10AM +0100, David Hildenbrand wrote:
> PG_balloon was introduced to implement page migration/compaction for pages
> inflated in virtio-balloon. Nowadays, it is only a marker that a page is
> part of virtio-balloon and therefore logically offline.
>
> We also want to
On Tue, 20 Nov 2018, Michal Hocko wrote:
> From: Michal Hocko
>
> filemap_map_pages takes a speculative reference to each page in the
> range before it tries to lock that page. While this is correct it
> also can influence page migration which will bail out when seeing
> an elevated reference
On Tue, 20 Nov 2018, Michal Hocko wrote:
> From: Michal Hocko
>
> filemap_map_pages takes a speculative reference to each page in the
> range before it tries to lock that page. While this is correct it
> also can influence page migration which will bail out when seeing
> an elevated reference
On 2018/11/20 1:39, Peter Zijlstra wrote:
> On Thu, Nov 15, 2018 at 07:00:07AM +0800, Aubrey Li wrote:
>> Add a /proc//arch_state interface to expose per-task cpu specific
>> state values.
>>
>> Exposing AVX-512 Hi16_ZMM registers usage is for the user space job
>> scheduler to cluster AVX-512
On 2018/11/20 1:39, Peter Zijlstra wrote:
> On Thu, Nov 15, 2018 at 07:00:07AM +0800, Aubrey Li wrote:
>> Add a /proc//arch_state interface to expose per-task cpu specific
>> state values.
>>
>> Exposing AVX-512 Hi16_ZMM registers usage is for the user space job
>> scheduler to cluster AVX-512
Hi all,
Do you have any comments on this patch?
I found for our thermal driver(qoriq_thermal.c) there are different between the
following two git trees:
git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux.git
branch: next
Hi all,
Do you have any comments on this patch?
I found for our thermal driver(qoriq_thermal.c) there are different between the
following two git trees:
git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux.git
branch: next
On Tue, Nov 20, 2018 at 4:33 PM Tim Chen wrote:
>
> Implements arch_update_spec_restriction() for x86. Use STIBP to
> restrict speculative execution when running a task set to non-dumpable,
> or clear the restriction if the task is set to dumpable.
I don't think this necessarily makes sense.
On Tue, Nov 20, 2018 at 4:33 PM Tim Chen wrote:
>
> Implements arch_update_spec_restriction() for x86. Use STIBP to
> restrict speculative execution when running a task set to non-dumpable,
> or clear the restriction if the task is set to dumpable.
I don't think this necessarily makes sense.
On Tue, 20 Nov 2018, Baoquan He wrote:
> On 11/20/18 at 02:38pm, Vlastimil Babka wrote:
> > On 11/20/18 6:44 AM, Hugh Dickins wrote:
> > > [PATCH] mm: put_and_wait_on_page_locked() while page is migrated
> > >
> > > We have all assumed that it is essential to hold a page reference while
> > >
On Tue, 20 Nov 2018, Baoquan He wrote:
> On 11/20/18 at 02:38pm, Vlastimil Babka wrote:
> > On 11/20/18 6:44 AM, Hugh Dickins wrote:
> > > [PATCH] mm: put_and_wait_on_page_locked() while page is migrated
> > >
> > > We have all assumed that it is essential to hold a page reference while
> > >
On Tue, 20 Nov 2018, Vlastimil Babka wrote:
> On 11/20/18 6:44 AM, Hugh Dickins wrote:
> > [PATCH] mm: put_and_wait_on_page_locked() while page is migrated
> >
> > We have all assumed that it is essential to hold a page reference while
> > waiting on a page lock: partly to guarantee that there is
On Tue, 20 Nov 2018, Vlastimil Babka wrote:
> On 11/20/18 6:44 AM, Hugh Dickins wrote:
> > [PATCH] mm: put_and_wait_on_page_locked() while page is migrated
> >
> > We have all assumed that it is essential to hold a page reference while
> > waiting on a page lock: partly to guarantee that there is
Quoting Matthias Kaehlcke (2018-11-15 16:23:37)
> On Sun, Nov 11, 2018 at 06:12:29PM +0530, Taniya Das wrote:
> > On 11/4/2018 9:50 AM, Stephen Boyd wrote:
> > > Quoting Taniya Das (2018-11-02 20:06:00)
> > > > On 10/18/2018 5:02 AM, Stephen Boyd wrote:
> > > > > Quoting Taniya Das (2018-10-11
Quoting Matthias Kaehlcke (2018-11-15 16:23:37)
> On Sun, Nov 11, 2018 at 06:12:29PM +0530, Taniya Das wrote:
> > On 11/4/2018 9:50 AM, Stephen Boyd wrote:
> > > Quoting Taniya Das (2018-11-02 20:06:00)
> > > > On 10/18/2018 5:02 AM, Stephen Boyd wrote:
> > > > > Quoting Taniya Das (2018-10-11
On 11/20/2018 04:44 PM, Jiri Kosina wrote:
> On Tue, 20 Nov 2018, Tim Chen wrote:
>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt
>> b/Documentation/admin-guide/kernel-parameters.txt
>> index d2255f7..89b193c 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>
On 11/20/2018 04:44 PM, Jiri Kosina wrote:
> On Tue, 20 Nov 2018, Tim Chen wrote:
>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt
>> b/Documentation/admin-guide/kernel-parameters.txt
>> index d2255f7..89b193c 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>
On Tue, 20 Nov 2018, Tim Chen wrote:
> diff --git a/Documentation/admin-guide/kernel-parameters.txt
> b/Documentation/admin-guide/kernel-parameters.txt
> index d2255f7..89b193c 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
On Tue, 20 Nov 2018, Tim Chen wrote:
> diff --git a/Documentation/admin-guide/kernel-parameters.txt
> b/Documentation/admin-guide/kernel-parameters.txt
> index d2255f7..89b193c 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
On 11/20/2018 03:59 PM, Tim Chen wrote:
> Fix in this version bugs causing build problems for UP configuration.
>
> Also merged in Jiri's change to extend STIBP for SECCOMP processes and
> renaming TIF_STIBP to TIF_SPEC_INDIR_BRANCH.
>
> I've updated the boot options spectre_v2_app2app to
> on,
On 11/20/2018 03:59 PM, Tim Chen wrote:
> Fix in this version bugs causing build problems for UP configuration.
>
> Also merged in Jiri's change to extend STIBP for SECCOMP processes and
> renaming TIF_STIBP to TIF_SPEC_INDIR_BRANCH.
>
> I've updated the boot options spectre_v2_app2app to
> on,
The Spectre V2 printout in cpu_show_common() handles conditionals for the
various mitigation methods directly in the sprintf() argument list. That's
hard to read and will become unreadable if more complex decisions need to
be made for a particular method.
Move the conditionals for STIBP and IBPB
If enhanced IBRS is engaged, STIBP is redundant in mitigating Spectre
v2 user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 8
1 file changed, 8 insertions(+)
diff --git
Remove unnecessary ret variable in cpu_show_common() to make the
code more concise.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 5ac7070..84e3579
Remove unnecessary else statement in spectre_v2_parse_cmdline()
to save a indentation level.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 27 +--
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c
The checks to cpu_smt_control outside of kernel/cpu.c can be converted
to use cpu_smt_enabled key to run SMT specific code.
Save the export of cpu_smt_control and convert usage of cpu_smt_control
to cpu_smt_enabled outside of kernel/cpu.c.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c
The Spectre V2 printout in cpu_show_common() handles conditionals for the
various mitigation methods directly in the sprintf() argument list. That's
hard to read and will become unreadable if more complex decisions need to
be made for a particular method.
Move the conditionals for STIBP and IBPB
If enhanced IBRS is engaged, STIBP is redundant in mitigating Spectre
v2 user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 8
1 file changed, 8 insertions(+)
diff --git
Remove unnecessary ret variable in cpu_show_common() to make the
code more concise.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 5ac7070..84e3579
Remove unnecessary else statement in spectre_v2_parse_cmdline()
to save a indentation level.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 27 +--
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c
The checks to cpu_smt_control outside of kernel/cpu.c can be converted
to use cpu_smt_enabled key to run SMT specific code.
Save the export of cpu_smt_control and convert usage of cpu_smt_control
to cpu_smt_enabled outside of kernel/cpu.c.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c
The logic to detect whether there's a change in the previous
and next task's flag relevant to update speculation control
MSRs are spread out across multiple functions.
Consolidate all checks needed for updating speculation
control MSRs to __speculation_ctrl_update().
This makes it easy to pick
The logic to detect whether there's a change in the previous
and next task's flag relevant to update speculation control
MSRs are spread out across multiple functions.
Consolidate all checks needed for updating speculation
control MSRs to __speculation_ctrl_update().
This makes it easy to pick
During context switch, the SSBD bit in SPEC_CTRL MSR is updated according
to changes in TIF_SSBD flag in the current and next running task.
Currently, only the bit controlling speculative store in SPEC_CTRL MSR
is updated and the related update functions all have "speculative_store"
or "ssb" in
During context switch, the SSBD bit in SPEC_CTRL MSR is updated according
to changes in TIF_SSBD flag in the current and next running task.
Currently, only the bit controlling speculative store in SPEC_CTRL MSR
is updated and the related update functions all have "speculative_store"
or "ssb" in
Add new protection modes for Spectre v2 mitigations against
Spectre v2 attacks on user processes. There are three modes:
none mode:
In this mode, no mitigations are deployed.
strict mode:
In this mode, IBPB and STIBP are deployed on
on all tasks.
IBPB currently is applied to all tasks. However,
when spectre_v2_app2app_enabled is set to default
value SPECTRE_V2_APP2APP_PRCTL, only tasks marked with
TIF_SPEC_BRANCH_SPECULATION via prctl are protected against Spectre V2
sibling thread attack to minimize performance impact.
It makes sense to
In later code, STIBP will be turned on/off in the context switch code
path when SMT is enabled. Checks for SMT is best
avoided on such hot paths.
Create cpu_smt_enabled static key to turn on such SMT specific code
statically.
The key is enabled by default and its scope has nothing to do with
Add new protection modes for Spectre v2 mitigations against
Spectre v2 attacks on user processes. There are three modes:
none mode:
In this mode, no mitigations are deployed.
strict mode:
In this mode, IBPB and STIBP are deployed on
on all tasks.
IBPB currently is applied to all tasks. However,
when spectre_v2_app2app_enabled is set to default
value SPECTRE_V2_APP2APP_PRCTL, only tasks marked with
TIF_SPEC_BRANCH_SPECULATION via prctl are protected against Spectre V2
sibling thread attack to minimize performance impact.
It makes sense to
In later code, STIBP will be turned on/off in the context switch code
path when SMT is enabled. Checks for SMT is best
avoided on such hot paths.
Create cpu_smt_enabled static key to turn on such SMT specific code
statically.
The key is enabled by default and its scope has nothing to do with
Currently cpu_use_smt_and_hotplug is only set during boot time
to indicate if SMT is in use.
However, CPU topology may change and when the last SMT thread is offlined,
the SMT code path can be skipped. The sched_smt_present key detects
this condition.
Export sched_smt_present and incorporate it
From: Peter Zijlstra
From: Peter Zijlstra (Intel)
Currently the sched_smt_present static key is only enabled when we
encounter SMT topology. However there is demand to also disable the key
when the topology changes such that there is no SMT present anymore.
Implement this by making the key
Currently cpu_use_smt_and_hotplug is only set during boot time
to indicate if SMT is in use.
However, CPU topology may change and when the last SMT thread is offlined,
the SMT code path can be skipped. The sched_smt_present key detects
this condition.
Export sched_smt_present and incorporate it
From: Peter Zijlstra
From: Peter Zijlstra (Intel)
Currently the sched_smt_present static key is only enabled when we
encounter SMT topology. However there is demand to also disable the key
when the topology changes such that there is no SMT present anymore.
Implement this by making the key
When a task is made non-dumpable, a higher level of security is implied
implicitly as its memory is imposed with access restriction. Many
daemons touching sensitive data (e.g. sshd) make theselves non-dumpable.
Such tasks should have speculative execution restricted to protect them
from attacks
When a task is made non-dumpable, a higher level of security is implied
implicitly as its memory is imposed with access restriction. Many
daemons touching sensitive data (e.g. sshd) make theselves non-dumpable.
Such tasks should have speculative execution restricted to protect them
from attacks
When a task changes its dumpability, arch_update_spec_ctrl_restriction()
is called to place restriction on the task's speculative execution
according to dumpability changes.
Implements arch_update_spec_restriction() for x86. Use STIBP to
restrict speculative execution when running a task set to
My apology that the v6 patches are missing the first two patch in
the series. Resending the patch series as v7.
Fix in this version bugs causing build problems for UP configuration.
Also merged in Jiri's change to extend STIBP for SECCOMP processes and
renaming TIF_STIBP to
If STIBP is used all the time, tasks that do not need STIBP
protection will get unnecessarily slowed down by STIBP.
To apply STIBP only to tasks that need it, a new task TIF_STIBP flag is
created. A x86 CPU uses STIBP only for tasks labeled with TIF_STIBP.
During context switch, this flag is
From: Jiri Kosina
From: Jiri Kosina
If 'prctl' mode of app2app protection from spectre_v2 is selected on
kernel command-line, we are currently applying STIBP protection to
tasks that restrict their indirect branch speculation via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH,
STIBP is not needed when enhanced IBRS is used for Spectre V2 mitigation.
A CPU feature flag to indicate that enhanced IBRS is used will be handy
for skipping STIBP for this case.
Add X86_FEATURE_USE_IBRS_ENHANCED feature bit to indicate
enhanced IBRS is used for Spectre V2 mitigation.
Create PRCTL interface to restrict an application's indirect branch
speculation. This will protect the application against spectre v2 attack
from another application.
Invocations:
Check indirect branch speculation status with
- prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, 0, 0, 0);
When a task changes its dumpability, arch_update_spec_ctrl_restriction()
is called to place restriction on the task's speculative execution
according to dumpability changes.
Implements arch_update_spec_restriction() for x86. Use STIBP to
restrict speculative execution when running a task set to
My apology that the v6 patches are missing the first two patch in
the series. Resending the patch series as v7.
Fix in this version bugs causing build problems for UP configuration.
Also merged in Jiri's change to extend STIBP for SECCOMP processes and
renaming TIF_STIBP to
If STIBP is used all the time, tasks that do not need STIBP
protection will get unnecessarily slowed down by STIBP.
To apply STIBP only to tasks that need it, a new task TIF_STIBP flag is
created. A x86 CPU uses STIBP only for tasks labeled with TIF_STIBP.
During context switch, this flag is
From: Jiri Kosina
From: Jiri Kosina
If 'prctl' mode of app2app protection from spectre_v2 is selected on
kernel command-line, we are currently applying STIBP protection to
tasks that restrict their indirect branch speculation via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH,
STIBP is not needed when enhanced IBRS is used for Spectre V2 mitigation.
A CPU feature flag to indicate that enhanced IBRS is used will be handy
for skipping STIBP for this case.
Add X86_FEATURE_USE_IBRS_ENHANCED feature bit to indicate
enhanced IBRS is used for Spectre V2 mitigation.
Create PRCTL interface to restrict an application's indirect branch
speculation. This will protect the application against spectre v2 attack
from another application.
Invocations:
Check indirect branch speculation status with
- prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, 0, 0, 0);
On 11/20/18 9:42 PM, Kirill A. Shutemov wrote:
On Tue, Nov 20, 2018 at 08:10:51PM +0800, Yang Shi wrote:
On 11/20/18 4:57 PM, Kirill A. Shutemov wrote:
On Fri, Nov 16, 2018 at 08:56:04AM -0800, Yang Shi wrote:
a8dda165ec vfree: add debug might_sleep()
dd2283f260 mm: mmap: zap pages with
On 11/20/18 9:42 PM, Kirill A. Shutemov wrote:
On Tue, Nov 20, 2018 at 08:10:51PM +0800, Yang Shi wrote:
On 11/20/18 4:57 PM, Kirill A. Shutemov wrote:
On Fri, Nov 16, 2018 at 08:56:04AM -0800, Yang Shi wrote:
a8dda165ec vfree: add debug might_sleep()
dd2283f260 mm: mmap: zap pages with
The Spectre V2 printout in cpu_show_common() handles conditionals for the
various mitigation methods directly in the sprintf() argument list. That's
hard to read and will become unreadable if more complex decisions need to
be made for a particular method.
Move the conditionals for STIBP and IBPB
The Spectre V2 printout in cpu_show_common() handles conditionals for the
various mitigation methods directly in the sprintf() argument list. That's
hard to read and will become unreadable if more complex decisions need to
be made for a particular method.
Move the conditionals for STIBP and IBPB
Fix in this version bugs causing build problems for UP configuration.
Also merged in Jiri's change to extend STIBP for SECCOMP processes and
renaming TIF_STIBP to TIF_SPEC_INDIR_BRANCH.
I've updated the boot options spectre_v2_app2app to
on, off, auto, prctl and seccomp. This aligns with
the
STIBP is not needed when enhanced IBRS is used for Spectre V2 mitigation.
A CPU feature flag to indicate that enhanced IBRS is used will be handy
for skipping STIBP for this case.
Add X86_FEATURE_USE_IBRS_ENHANCED feature bit to indicate
enhanced IBRS is used for Spectre V2 mitigation.
Fix in this version bugs causing build problems for UP configuration.
Also merged in Jiri's change to extend STIBP for SECCOMP processes and
renaming TIF_STIBP to TIF_SPEC_INDIR_BRANCH.
I've updated the boot options spectre_v2_app2app to
on, off, auto, prctl and seccomp. This aligns with
the
STIBP is not needed when enhanced IBRS is used for Spectre V2 mitigation.
A CPU feature flag to indicate that enhanced IBRS is used will be handy
for skipping STIBP for this case.
Add X86_FEATURE_USE_IBRS_ENHANCED feature bit to indicate
enhanced IBRS is used for Spectre V2 mitigation.
If STIBP is used all the time, tasks that do not need STIBP
protection will get unnecessarily slowed down by STIBP.
To apply STIBP only to tasks that need it, a new task TIF_STIBP flag is
created. A x86 CPU uses STIBP only for tasks labeled with TIF_STIBP.
During context switch, this flag is
IBPB currently is applied to all tasks. However,
when spectre_v2_app2app_enabled is set to default
value SPECTRE_V2_APP2APP_PRCTL, only tasks marked with
TIF_SPEC_BRANCH_SPECULATION via prctl are protected against Spectre V2
sibling thread attack to minimize performance impact.
Extend this
If STIBP is used all the time, tasks that do not need STIBP
protection will get unnecessarily slowed down by STIBP.
To apply STIBP only to tasks that need it, a new task TIF_STIBP flag is
created. A x86 CPU uses STIBP only for tasks labeled with TIF_STIBP.
During context switch, this flag is
IBPB currently is applied to all tasks. However,
when spectre_v2_app2app_enabled is set to default
value SPECTRE_V2_APP2APP_PRCTL, only tasks marked with
TIF_SPEC_BRANCH_SPECULATION via prctl are protected against Spectre V2
sibling thread attack to minimize performance impact.
Extend this
During context switch, the SSBD bit in SPEC_CTRL MSR is updated according
to changes in TIF_SSBD flag in the current and next running task.
Currently, only the bit controlling speculative store in SPEC_CTRL MSR
is updated and the related update functions all have "speculative_store"
or "ssb" in
When a task changes its dumpability, arch_update_spec_ctrl_restriction()
is called to place restriction on the task's speculative execution
according to dumpability changes.
Implements arch_update_spec_restriction() for x86. Use STIBP to
restrict speculative execution when running a task set to
During context switch, the SSBD bit in SPEC_CTRL MSR is updated according
to changes in TIF_SSBD flag in the current and next running task.
Currently, only the bit controlling speculative store in SPEC_CTRL MSR
is updated and the related update functions all have "speculative_store"
or "ssb" in
When a task changes its dumpability, arch_update_spec_ctrl_restriction()
is called to place restriction on the task's speculative execution
according to dumpability changes.
Implements arch_update_spec_restriction() for x86. Use STIBP to
restrict speculative execution when running a task set to
Add new protection modes for Spectre v2 mitigations against
Spectre v2 attacks on user processes. There are three modes:
none mode:
In this mode, no mitigations are deployed.
strict mode:
In this mode, IBPB and STIBP are deployed on
on all tasks.
The checks to cpu_smt_control outside of kernel/cpu.c can be converted
to use cpu_smt_enabled key to run SMT specific code.
Save the export of cpu_smt_control and convert usage of cpu_smt_control
to cpu_smt_enabled outside of kernel/cpu.c.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c
In later code, STIBP will be turned on/off in the context switch code
path when SMT is enabled. Checks for SMT is best
avoided on such hot paths.
Create cpu_smt_enabled static key to turn on such SMT specific code
statically.
The key is enabled by default and its scope has nothing to do with
Add new protection modes for Spectre v2 mitigations against
Spectre v2 attacks on user processes. There are three modes:
none mode:
In this mode, no mitigations are deployed.
strict mode:
In this mode, IBPB and STIBP are deployed on
on all tasks.
The checks to cpu_smt_control outside of kernel/cpu.c can be converted
to use cpu_smt_enabled key to run SMT specific code.
Save the export of cpu_smt_control and convert usage of cpu_smt_control
to cpu_smt_enabled outside of kernel/cpu.c.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c
In later code, STIBP will be turned on/off in the context switch code
path when SMT is enabled. Checks for SMT is best
avoided on such hot paths.
Create cpu_smt_enabled static key to turn on such SMT specific code
statically.
The key is enabled by default and its scope has nothing to do with
If enhanced IBRS is engaged, STIBP is redundant in mitigating Spectre
v2 user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 8
1 file changed, 8 insertions(+)
diff --git
From: Peter Zijlstra
From: Peter Zijlstra (Intel)
Currently the sched_smt_present static key is only enabled when we
encounter SMT topology. However there is demand to also disable the key
when the topology changes such that there is no SMT present anymore.
Implement this by making the key
If enhanced IBRS is engaged, STIBP is redundant in mitigating Spectre
v2 user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
---
arch/x86/kernel/cpu/bugs.c | 8
1 file changed, 8 insertions(+)
diff --git
From: Peter Zijlstra
From: Peter Zijlstra (Intel)
Currently the sched_smt_present static key is only enabled when we
encounter SMT topology. However there is demand to also disable the key
when the topology changes such that there is no SMT present anymore.
Implement this by making the key
The logic to detect whether there's a change in the previous
and next task's flag relevant to update speculation control
MSRs are spread out across multiple functions.
Consolidate all checks needed for updating speculation
control MSRs to __speculation_ctrl_update().
This makes it easy to pick
From: Jiri Kosina
From: Jiri Kosina
If 'prctl' mode of app2app protection from spectre_v2 is selected on
kernel command-line, we are currently applying STIBP protection to
tasks that restrict their indirect branch speculation via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH,
The logic to detect whether there's a change in the previous
and next task's flag relevant to update speculation control
MSRs are spread out across multiple functions.
Consolidate all checks needed for updating speculation
control MSRs to __speculation_ctrl_update().
This makes it easy to pick
From: Jiri Kosina
From: Jiri Kosina
If 'prctl' mode of app2app protection from spectre_v2 is selected on
kernel command-line, we are currently applying STIBP protection to
tasks that restrict their indirect branch speculation via
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH,
When a task is made non-dumpable, a higher level of security is implied
implicitly as its memory is imposed with access restriction. Many
daemons touching sensitive data (e.g. sshd) make theselves non-dumpable.
Such tasks should have speculative execution restricted to protect them
from attacks
When a task is made non-dumpable, a higher level of security is implied
implicitly as its memory is imposed with access restriction. Many
daemons touching sensitive data (e.g. sshd) make theselves non-dumpable.
Such tasks should have speculative execution restricted to protect them
from attacks
Currently cpu_use_smt_and_hotplug is only set during boot time
to indicate if SMT is in use.
However, CPU topology may change and when the last SMT thread is offlined,
the SMT code path can be skipped. The sched_smt_present key detects
this condition.
Export sched_smt_present and incorporate it
Create PRCTL interface to restrict an application's indirect branch
speculation. This will protect the application against spectre v2 attack
from another application.
Invocations:
Check indirect branch speculation status with
- prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, 0, 0, 0);
201 - 300 of 1736 matches
Mail list logo