diff options
author | Kees Cook <keescook@chromium.org> | 2018-05-01 15:31:45 -0700 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2018-05-03 13:55:51 +0200 |
commit | fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64 (patch) | |
tree | 29f33c733c1cbc50f98bc3ecdcd7d89bfbaa8d1f /fs | |
parent | 7bbf1373e228840bb0295a2ca26d548ef37f448e (diff) |
proc: Provide details on speculation flaw mitigations
As done with seccomp and no_new_privs, also show speculation flaw
mitigation state in /proc/$pid/status.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/proc/array.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/fs/proc/array.c b/fs/proc/array.c index ae2c807fd719..303c155f9b04 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -85,6 +85,7 @@ #include <linux/delayacct.h> #include <linux/seq_file.h> #include <linux/pid_namespace.h> +#include <linux/prctl.h> #include <linux/ptrace.h> #include <linux/tracehook.h> #include <linux/string_helpers.h> @@ -335,6 +336,27 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p) #ifdef CONFIG_SECCOMP seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode); #endif + seq_printf(m, "\nSpeculation Store Bypass:\t"); + switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) { + case -EINVAL: + seq_printf(m, "unknown"); + break; + case PR_SPEC_NOT_AFFECTED: + seq_printf(m, "not vulnerable"); + break; + case PR_SPEC_PRCTL | PR_SPEC_DISABLE: + seq_printf(m, "thread mitigated"); + break; + case PR_SPEC_PRCTL | PR_SPEC_ENABLE: + seq_printf(m, "thread vulnerable"); + break; + case PR_SPEC_DISABLE: + seq_printf(m, "globally mitigated"); + break; + default: + seq_printf(m, "vulnerable"); + break; + } seq_putc(m, '\n'); } |