===================
Speculation Control
===================

Quite a few CPUs have speculation-related misfeatures which are in
fact vulnerabilities that cause data leaks in various forms, even across
privilege domains.

The kernel provides mitigation for such vulnerabilities in various
forms. Some of these mitigations are compile-time configurable and some
can be supplied on the kernel command line.

There is also a class of mitigations which are very expensive, but they can
be restricted to a certain set of processes or tasks in controlled
environments. The mechanism to control these mitigations is via
:manpage:`prctl(2)`.

There are two prctl options which are related to this:

 * PR_GET_SPECULATION_CTRL

 * PR_SET_SPECULATION_CTRL

PR_GET_SPECULATION_CTRL
-----------------------

PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
the following meaning:

==== ====================== ==================================================
Bit  Define                 Description
==== ====================== ==================================================
0    PR_SPEC_PRCTL          Mitigation can be controlled per task by
                            PR_SET_SPECULATION_CTRL.
1    PR_SPEC_ENABLE         The speculation feature is enabled, mitigation is
                            disabled.
2    PR_SPEC_DISABLE        The speculation feature is disabled, mitigation is
                            enabled.
3    PR_SPEC_FORCE_DISABLE  Same as PR_SPEC_DISABLE, but cannot be undone. A
                            subsequent prctl(..., PR_SPEC_ENABLE) will fail.
4    PR_SPEC_DISABLE_NOEXEC Same as PR_SPEC_DISABLE, but the state will be
                            cleared on :manpage:`execve(2)`.
==== ====================== ==================================================

If all bits are 0 the CPU is not affected by the speculation misfeature.

If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.

.. _set_spec_ctrl:

PR_SET_SPECULATION_CTRL
-----------------------

PR_SET_SPECULATION_CTRL allows per-task control of the speculation
misfeature, which is selected by arg2 of :manpage:`prctl(2)`. arg3 is used
to hand in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE
or PR_SPEC_FORCE_DISABLE.

Common error codes
------------------
======= =================================================================
Value   Meaning
======= =================================================================
EINVAL  The prctl is not implemented by the architecture or unused
        prctl(2) arguments are not 0.

ENODEV  arg2 selects an unsupported speculation misfeature.
======= =================================================================

PR_SET_SPECULATION_CTRL error codes
-----------------------------------
======= =================================================================
Value   Meaning
======= =================================================================
0       Success

ERANGE  arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
        PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.

ENXIO   Control of the selected speculation misfeature is not possible.
        See PR_GET_SPECULATION_CTRL.

EPERM   Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
        tried to enable it again.
======= =================================================================

Speculation misfeature controls
-------------------------------
- PR_SPEC_STORE_BYPASS: Speculative Store Bypass

  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE_NOEXEC, 0, 0);

- PR_SPEC_INDIRECT_BRANCH: Indirect Branch Speculation in User Processes
                        (Mitigate Spectre V2 style attacks against user processes)

  Invocations:
   * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
   * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
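
An added example, not part of the kernel documentation: a C helper that decodes the PR_GET_SPECULATION_CTRL bits from the table above, requests PR_SPEC_DISABLE only when per-task control is reported, and re-reads the state to confirm the mitigation took effect. The names ``spec_state``, ``classify_spec_state`` and ``mitigate_task`` are hypothetical; the ``#define`` fallbacks are only for older userspace headers.

```c
#include <stdio.h>
#include <sys/prctl.h>
/* Fallbacks for older userspace headers; values match linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC  (1UL << 4)
#endif

enum spec_state { SPEC_ERROR, SPEC_NOT_AFFECTED, SPEC_NO_TASK_CTRL,
                  SPEC_VULNERABLE, SPEC_MITIGATED, SPEC_MITIGATED_LOCKED };

/* Classify a PR_GET_SPECULATION_CTRL return value (hypothetical helper). */
enum spec_state classify_spec_state(long ret)
{
    if (ret < 0)  return SPEC_ERROR;         /* EINVAL or ENODEV in errno */
    if (ret == 0) return SPEC_NOT_AFFECTED;  /* all bits 0 */
    if (ret & PR_SPEC_FORCE_DISABLE) return SPEC_MITIGATED_LOCKED;
    if (ret & (PR_SPEC_DISABLE | PR_SPEC_DISABLE_NOEXEC)) return SPEC_MITIGATED;
    if (!(ret & PR_SPEC_PRCTL)) return SPEC_NO_TASK_CTRL; /* SET would fail */
    return SPEC_VULNERABLE;                  /* speculation on, controllable */
}

/* Enable the mitigation for this task if possible; return the final state. */
enum spec_state mitigate_task(unsigned long misfeature)
{
    enum spec_state st = classify_spec_state(
        prctl(PR_GET_SPECULATION_CTRL, misfeature, 0UL, 0UL, 0UL));
    if (st != SPEC_VULNERABLE)
        return st;                           /* nothing to do, or no control */
    if (prctl(PR_SET_SPECULATION_CTRL, misfeature, PR_SPEC_DISABLE, 0UL, 0UL))
        return SPEC_ERROR;                   /* ERANGE, ENXIO or EPERM */
    /* Re-read the state rather than trusting the SET call alone. */
    return classify_spec_state(
        prctl(PR_GET_SPECULATION_CTRL, misfeature, 0UL, 0UL, 0UL));
}

int main(void)
{
    printf("store bypass state: %d\n", mitigate_task(PR_SPEC_STORE_BYPASS));
    return 0;
}
```

A sandbox launcher would call ``mitigate_task()`` before running untrusted code and treat ``SPEC_NO_TASK_CTRL`` or ``SPEC_ERROR`` as a reason to fall back to a system-wide mitigation setting.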