[PATCH libgcrypt] Disable CPU speculation-related misfeatures

Jussi Kivilinna jussi.kivilinna at iki.fi
Sat Jun 14 08:24:50 CEST 2025 

Hello,

On 25/05/2025 18:25, Guido Trentalancia via Gcrypt-devel wrote:
> Disable CPU speculation-related misfeatures which are in
> fact vulnerabilities causing data leaks:
> 
>   - Speculative Store Bypass
>   - Indirect Branch Speculation
>   - Flush L1D Cache on context switch out of the task
> 
> For further information see the kernel documentation:
> Documentation/userspace-api/spec_ctrl.rst
> 
> Signed-off-by: Guido Trentalancia <guido at trentalancia.com>
> ---
>   src/global.c |   21 +++++++++++++++++++++
>   1 file changed, 21 insertions(+)
> 
> --- a/src/global.c	2024-04-26 14:08:12.000000000 +0200
> +++ b/src/global.c	2025-05-25 16:03:24.718598884 +0200
> @@ -33,6 +33,7 @@
>   #ifdef HAVE_SYSLOG
>   # include <syslog.h>
>   #endif /*HAVE_SYSLOG*/
> +#include <sys/prctl.h>
>   
>   #include "g10lib.h"
>   #include "gcrypt-testapi.h"
> @@ -95,6 +96,26 @@ global_init (void)
>       return;
>     _gcry_global_any_init_done = 1;
>   
> +/* Disable CPU speculation-related misfeatures which are in
> + * fact vulnerabilities causing data leaks: see the kernel
> + * documentation: Documentation/userspace-api/spec_ctrl.rst
> + *
> + * - Speculative Store Bypass
> + * - Indirect Branch Speculation
> + * - Flush L1D Cache on context switch out of the task
> + */
> +#ifdef PR_SPEC_STORE_BYPASS
> +  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
> +#endif
> +
> +#ifdef PR_SPEC_INDIRECT_BRANCH
> +  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
> +#endif
> +
> +#ifdef PR_SPEC_L1D_FLUSH
> +  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_L1D_FLUSH, PR_SPEC_FORCE_DISABLE, 0, 0);
> +#endif
> +

Do other crypto libraries do this? Surely this control should not be in library side but in
application. Libgcrypt could be loaded by application for number of reasons and not all
those use-cases require toggling these knobs (such as file checksumming, CRC or SHA). Even
worse, libgcrypt might be loaded by another library and actual application may not even
have knowledge of that. Libgcrypt might get loaded through library dependencies but
end up not being used by application at all (except initialization, global_init, etc).

-Jussi

More information about the Gcrypt-devel mailing list