Loading Documentation/ABI/testing/sysfs-devices-system-cpu +1 −0 Original line number Diff line number Diff line Loading @@ -478,6 +478,7 @@ What: /sys/devices/system/cpu/vulnerabilities /sys/devices/system/cpu/vulnerabilities/meltdown /sys/devices/system/cpu/vulnerabilities/spectre_v1 /sys/devices/system/cpu/vulnerabilities/spectre_v2 /sys/devices/system/cpu/vulnerabilities/spec_store_bypass Date: January 2018 Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> Description: Information about CPU vulnerabilities Loading Documentation/admin-guide/kernel-parameters.txt +45 −0 Original line number Diff line number Diff line Loading @@ -2680,6 +2680,9 @@ allow data leaks with this option, which is equivalent to spectre_v2=off. nospec_store_bypass_disable [HW] Disable all mitigations for the Speculative Store Bypass vulnerability noxsave [BUGS=X86] Disables x86 extended register state save and restore using xsave. The kernel will fallback to enabling legacy floating-point and sse state. Loading Loading 
@@ -4025,6 +4028,48 @@ Not specifying this option is equivalent to spectre_v2=auto. spec_store_bypass_disable= [HW] Control Speculative Store Bypass (SSB) Disable mitigation (Speculative Store Bypass vulnerability) Certain CPUs are vulnerable to an exploit against a a common industry wide performance optimization known as "Speculative Store Bypass" in which recent stores to the same memory location may not be observed by later loads during speculative execution. The idea is that such stores are unlikely and that they can be detected prior to instruction retirement at the end of a particular speculation execution window. In vulnerable processors, the speculatively forwarded store can be used in a cache side channel attack, for example to read memory to which the attacker does not directly have access (e.g. inside sandboxed code). This parameter controls whether the Speculative Store Bypass optimization is used. on - Unconditionally disable Speculative Store Bypass off - Unconditionally enable Speculative Store Bypass auto - Kernel detects whether the CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. If the CPU is not vulnerable, "off" is selected. If the CPU is vulnerable the default mitigation is architecture and Kconfig dependent. See below. prctl - Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. seccomp - Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. Not specifying this option is equivalent to spec_store_bypass_disable=auto. Default mitigations: X86: If CONFIG_SECCOMP=y "seccomp", otherwise "prctl" spia_io_base= [HW,MTD] spia_fio_base= spia_pedr= Loading Documentation/networking/ppp_generic.txt +0 −6 Original line number Diff line number Diff line Loading 
@@ -300,12 +300,6 @@ unattached instance are: The ioctl calls available on an instance of /dev/ppp attached to a channel are: * PPPIOCDETACH detaches the instance from the channel. This ioctl is deprecated since the same effect can be achieved by closing the instance. In order to prevent possible races this ioctl will fail with an EINVAL error if more than one file descriptor refers to this instance (i.e. as a result of dup(), dup2() or fork()). * PPPIOCCONNECT connects this channel to a PPP interface. The argument should point to an int containing the interface unit number. It will return an EINVAL error if the channel is already Loading Documentation/userspace-api/index.rst +1 −0 Original line number Diff line number Diff line Loading 
@@ -19,6 +19,7 @@ place where this information is gathered. no_new_privs seccomp_filter unshare spec_ctrl .. only:: subproject and html Loading Documentation/userspace-api/spec_ctrl.rst 0 → 100644 +94 −0 Original line number Diff line number Diff line =================== Speculation Control =================== Quite some CPUs have speculation-related misfeatures which are in fact vulnerabilities causing data leaks in various forms even across privilege domains. The kernel provides mitigation for such vulnerabilities in various forms. Some of these mitigations are compile-time configurable and some can be supplied on the kernel command line. There is also a class of mitigations which are very expensive, but they can be restricted to a certain set of processes or tasks in controlled environments. The mechanism to control these mitigations is via :manpage:`prctl(2)`. There are two prctl options which are related to this: * PR_GET_SPECULATION_CTRL * PR_SET_SPECULATION_CTRL PR_GET_SPECULATION_CTRL ----------------------- PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature which is selected with arg2 of prctl(2). The return value uses bits 0-3 with the following meaning: ==== ===================== =================================================== Bit Define Description ==== ===================== =================================================== 0 PR_SPEC_PRCTL Mitigation can be controlled per task by PR_SET_SPECULATION_CTRL. 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is disabled. 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is enabled. 3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A subsequent prctl(..., PR_SPEC_ENABLE) will fail. ==== ===================== =================================================== If all bits are 0 the CPU is not affected by the speculation misfeature. If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is available. 
If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation misfeature will fail. PR_SET_SPECULATION_CTRL ----------------------- PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or PR_SPEC_FORCE_DISABLE. Common error codes ------------------ ======= ================================================================= Value Meaning ======= ================================================================= EINVAL The prctl is not implemented by the architecture or unused prctl(2) arguments are not 0. ENODEV arg2 is selecting a not supported speculation misfeature. ======= ================================================================= PR_SET_SPECULATION_CTRL error codes ----------------------------------- ======= ================================================================= Value Meaning ======= ================================================================= 0 Success ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE. ENXIO Control of the selected speculation misfeature is not possible. See PR_GET_SPECULATION_CTRL. EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller tried to enable it again. ======= ================================================================= Speculation misfeature controls ------------------------------- - PR_SPEC_STORE_BYPASS: Speculative Store Bypass Invocations: * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); Loading
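Review bot: In the Documentation/admin-guide/kernel-parameters.txt hunk at @@ -2680, the new nospec_store_bypass_disable entry does not say how it relates to spec_store_bypass_disable=, whereas the neighbouring entry visible in the context lines spells out its equivalence ("which is equivalent to spectre_v2=off"). If this switch is intended as the shorthand for spec_store_bypass_disable=off, state that in the entry, and note as the neighbouring text does that the system may allow data leaks when it is set, so an administrator reading only this entry understands the consequence.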
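Review bot: In the spec_store_bypass_disable= description (Documentation/admin-guide/kernel-parameters.txt, hunk at @@ -4025), the "prctl" value is described as "per thread" control and, one sentence later, as "enabled for a process by default"; use one term consistently and say whether the setting applies to a single task or to the whole thread group, since that decides what a sandboxing runtime has to do for each thread it creates. Two wording fixes in the same hunk: "against a a common industry wide" has a duplicated article, and "speculation execution window" should read "speculative execution window". It would also help to state next to "on" and "off" that they refer to the mitigation (the parameter name ends in _disable), because "off - Unconditionally enable Speculative Store Bypass" is easy to misread.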
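Review bot: The PPPIOCDETACH entry is deleted outright from Documentation/networking/ppp_generic.txt (hunk at @@ -300), which leaves a reader who meets the ioctl in existing code with no statement of whether it still works or what it returns. The removed text already says the same effect is achieved by closing the instance; consider keeping a one-line entry that marks the ioctl as no longer supported and points to closing the instance as the replacement. This hunk also has no visible connection to the Speculative Store Bypass documentation in the rest of the diff, so it would be easier to review and to revert as its own change.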
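Review bot: The new Documentation/userspace-api/spec_ctrl.rst never says how the per-task setting propagates, although kernel-parameters.txt in this same diff states "The state of the control is inherited on fork". Add that to the PR_SET_SPECULATION_CTRL section and state what happens across execve, which matters most for PR_SPEC_FORCE_DISABLE since it "cannot be undone". The error tables should also say how the listed values reach the caller (the PR_SET table mixes "0 Success" with ERANGE, ENXIO and EPERM without saying whether those are return values or errno), and PR_GET_SPECULATION_CTRL should state what it returns on failure so callers can tell an error from the bit mask. Minor wording: "Quite some CPUs" and "allows to control" would read better as "Many CPUs" and "allows controlling".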