Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes

From: Tim Chen
Date: Mon Nov 19 2018 - 19:08:46 EST


On 11/19/2018 05:32 AM, Thomas Gleixner wrote:
> Tim,
>
> On Fri, 16 Nov 2018, Tim Chen wrote:
>
>> Add new protection modes for Spectre v2 mitigations against
>> Spectre v2 attacks on user processes. There are three modes:
>>
>> strict mode:
>> In this mode, IBPB and STIBP are deployed full
>> time to protect all processes.
>>
>> lite mode:
>> In this mode, IBPB and STIBP are only deployed on
>> processes marked with TIF_STIBP flag.
>>
>> none mode:
>> In this mode, no mitigations are deployed.
>>
>> The protection mode can be specified by the spectre_v2_app2app
>> boot parameter with the following semantics:
>>
>> spectre_v2_app2app=
>> off - Turn off mitigation
>> lite - Protect processes which are marked non-dumpable
>> strict - Protect all processes
>> auto - Kernel selects the mode
>
> Is there any reason why we need yet another naming convention?
>
> pti= on, off, auto
>
> spectre_v2= on, off, auto
>
> spec_store_bypass_disable = on, off, auto, prctl, seccomp

The "on" option is set by spectre_v2=on so is not specified here.
What would you like to name the "lite" and "strict" options instead?

>
>
>> Not specifying this option is equivalent to
>> spectre_v2_app2app=auto.
>
> For better understanding it's nowhere documented what auto does.

I'll add the documentation.

>
>> + spectre_v2_app2app=
>> + [X86] Control mitigation of Spectre variant 2
>> + application to application (indirect branch speculation)
>> + vulnerability.
>> +
>> + off - Unconditionally disable mitigations
>> + lite - Protect tasks which have requested restricted
>> + indirect branch speculation via the
>> + PR_SET_SPECULATION_CTRL prctl().
>> + strict - Protect all processes
>> + auto - Kernel selects the mode
>> +
>> + Not specifying this option is equivalent to
>> + spectre_v2_app2app=auto.
>> +
>> + Setting spectre_v2=off will also turn off this mitigation.
>> +
>> + Setting spectre_v2=on implies unconditionally enabling
>> + this mitigation.
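
Review bot: The "lite" entry in this hunk disagrees with the commit message. Here lite protects tasks that requested restricted indirect branch speculation via the PR_SET_SPECULATION_CTRL prctl(), while the commit message describes lite as covering processes marked with the TIF_STIBP flag and, in its parameter summary, processes marked non-dumpable. Either list in this entry every condition under which a task is protected in lite mode, or correct the commit message to match. The "auto - Kernel selects the mode" line also does not say which mode is selected or on what basis, and since the text states that omitting the option is equivalent to auto, the default behaviour is left undocumented; state the selection rule in this entry.
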
>
> Can we please have a full documentation for all the spectre_v2 stuff
> similar to l1tf?
>

Sure. Can we do that as a separate patch? I'll need some time
and internal review for any spectre_v2 documentation that's produced.

Tim