
proc: Provide details on speculation flaw mitigations

As done with seccomp and no_new_privs, also show speculation flaw
mitigation state in /proc/$pid/status.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

authored by

Kees Cook and committed by
Thomas Gleixner
fae1fa0f 7bbf1373

+22
+22
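--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -85,6 +85,7 @@
 #include <linux/delayacct.h>
 #include <linux/seq_file.h>
 #include <linux/pid_namespace.h>
+#include <linux/prctl.h>
 #include <linux/ptrace.h>
 #include <linux/tracehook.h>
 #include <linux/string_helpers.h>
@@ -336,6 +335,27 @@
 #ifdef CONFIG_SECCOMP
 	seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode);
 #endif
+	seq_printf(m, "\nSpeculation Store Bypass:\t");
+	switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
+	case -EINVAL:
+		seq_printf(m, "unknown");
+		break;
+	case PR_SPEC_NOT_AFFECTED:
+		seq_printf(m, "not vulnerable");
+		break;
+	case PR_SPEC_PRCTL | PR_SPEC_DISABLE:
+		seq_printf(m, "thread mitigated");
+		break;
+	case PR_SPEC_PRCTL | PR_SPEC_ENABLE:
+		seq_printf(m, "thread vulnerable");
+		break;
+	case PR_SPEC_DISABLE:
+		seq_printf(m, "globally mitigated");
+		break;
+	default:
+		seq_printf(m, "vulnerable");
+		break;
+	}
 	seq_putc(m, '\n');
 }
 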
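Review bot: The `default:` arm of the new switch reports "vulnerable" for every value the table does not enumerate, so any negative return from arch_prctl_spec_ctrl_get() other than -EINVAL (if the arch helpers can produce one; only -EINVAL is handled here) would be shown to userspace as an affirmative statement of exposure rather than as a lookup failure, which matters for a field that administrators and hardening tools will read as ground truth. I would capture the result and treat any error as unknown: `int ret = arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS);`, `switch (ret) {` and in the default arm `seq_printf(m, "%s", ret < 0 ? "unknown" : "vulnerable");`. Two smaller points: every `seq_printf(m, "literal")` here has no format arguments and is what checkpatch flags in favour of `seq_puts(m, "literal")`; and the key `Speculation Store Bypass:` contains spaces, unlike the adjacent `Seccomp:` key (and, as far as I can see, the other keys in this file), so whitespace-splitting parsers of /proc/$pid/status will misread it — an underscore-joined name plus an entry in the proc documentation (the diffstat shows only this file touched) would avoid that. The enclosing function starts outside the hunk.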