Re: [PATCH] x86/speculation: Check whether speculation is force disabled

From: Waiman Long
Date: Wed Jun 03 2020 - 11:40:46 EST


On 6/3/20 3:12 AM, Tada, Kenta (Sony) wrote:
Once PR_SPEC_FORCE_DISABLE is set, users cannot set PR_SPEC_ENABLE.
This commit checks whether PR_SPEC_FORCE_DISABLE was previously set.

Signed-off-by: Kenta Tada <Kenta.Tada@xxxxxxxx>
---
arch/x86/kernel/cpu/bugs.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index ed54b3b21c39..678ace157035 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1173,6 +1173,9 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
return -EPERM;
+ /* If speculation is force disabled, enable is not allowed */
+ if (task_spec_ib_force_disable(task))
+ return -EPERM;
task_clear_spec_ib_disable(task);
task_update_spec_tif(task);
break;

There is a comment up a few lines about this:

ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ /*
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ * Indirect branch speculation is always allowed when
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ * mitigation is force disabled.
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ */
It conflicts with your new code. We can have an argument on whether IB should follow how SSB is being handled. Before that is settled,

Nacked-by: Waiman Long <longman@xxxxxxxxxx>