From: Jeremy Linton <jeremy.linton@arm.com>
To: Stefan Wahren <stefan.wahren@i2se.com>,
Dave Martin <Dave.Martin@arm.com>
Cc: mark.rutland@arm.com, julien.thierry@arm.com,
mlangsdo@redhat.com,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
suzuki.poulose@arm.com, marc.zyngier@arm.com,
catalin.marinas@arm.com,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
steven.price@arm.com, shankerd@codeaurora.org,
Dave Hansen <dave.hansen@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
ykaukab@suse.de, Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state
Date: Thu, 3 Jan 2019 14:32:44 -0600 [thread overview]
Message-ID: <5818faa8-e820-7aee-5aaa-42ced65d6f9d@arm.com> (raw)
In-Reply-To: <1951199845.271163.1546543806398@email.ionos.de>
Hi,
On 01/03/2019 01:30 PM, Stefan Wahren wrote:
> Hi Jeremy,
>
>> Jeremy Linton <jeremy.linton@arm.com> hat am 3. Januar 2019 um 17:46 geschrieben:
>>
>>
>> Hi,
>>
>> On 01/03/2019 10:37 AM, Dave Martin wrote:
>>> On Wed, Jan 02, 2019 at 06:49:15PM -0600, Jeremy Linton wrote:
>>>> There is a lot of variation in the Arm ecosystem. Because of this,
>>>> there exist possible cases where the kernel cannot authoritatively
>>>> determine if a machine is vulnerable.
>>>>
>>>> Rather than guess the vulnerability status in cases where
>>>> the mitigation is disabled or the firmware isn't responding
>>>> correctly, we need to display an "Unknown" state.
>>>>
>
> i applied your patch series on linux-next-20190103. On my Raspberry Pi 3B+ (defconfig) i'm getting this from sysfs:
>
> l1tf:Not affected
> meltdown:Not affected
> spec_store_bypass:Unknown
> spectre_v1:Mitigation: __user pointer sanitization
> spectre_v2:Unknown
>
> AFAIK it has 4 Cortex-A53 cores (no PSCI firmware), so shouldn't be affected.
So, for spec_store_bypass, as you noted your getting hit by the lack of
psci/smccc to report the ssb state, and this patch is just reflecting that.
In the case of spectrev2 it may be correct to blame this patch set
because its displaying "unknown" since your core isn't in the black
list, and your core isn't new enough to have the csv2 bit indicating its
not vulnerable. In this case if we do away with the unknown state, we
should probably depend entirely on the black list and simply display
"Not affected" if the core isn't listed. (meaning we may report cores
not affected when they are missing from the blacklist).
> How can this be fixed?
For ssb, the correct answer is probably fix the firmware, but given the
situation, its likely this kind of machine is going to force an
additional MIDR list to report the state correctly. Maybe Will or
someone can chime in here?
For spectrev2, wait for another version of this patch.
WARNING: multiple messages have this Message-ID (diff)
From: Jeremy Linton <jeremy.linton@arm.com>
To: Stefan Wahren <stefan.wahren@i2se.com>,
Dave Martin <Dave.Martin@arm.com>
Cc: mark.rutland@arm.com, julien.thierry@arm.com,
mlangsdo@redhat.com,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
suzuki.poulose@arm.com, marc.zyngier@arm.com,
catalin.marinas@arm.com,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
will.deacon@arm.com, linux-kernel@vger.kernel.org,
steven.price@arm.com, Dave Hansen <dave.hansen@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
ykaukab@suse.de, Thomas Gleixner <tglx@linutronix.de>,
shankerd@codeaurora.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state
Date: Thu, 3 Jan 2019 14:32:44 -0600 [thread overview]
Message-ID: <5818faa8-e820-7aee-5aaa-42ced65d6f9d@arm.com> (raw)
In-Reply-To: <1951199845.271163.1546543806398@email.ionos.de>
Hi,
On 01/03/2019 01:30 PM, Stefan Wahren wrote:
> Hi Jeremy,
>
>> Jeremy Linton <jeremy.linton@arm.com> hat am 3. Januar 2019 um 17:46 geschrieben:
>>
>>
>> Hi,
>>
>> On 01/03/2019 10:37 AM, Dave Martin wrote:
>>> On Wed, Jan 02, 2019 at 06:49:15PM -0600, Jeremy Linton wrote:
>>>> There is a lot of variation in the Arm ecosystem. Because of this,
>>>> there exist possible cases where the kernel cannot authoritatively
>>>> determine if a machine is vulnerable.
>>>>
>>>> Rather than guess the vulnerability status in cases where
>>>> the mitigation is disabled or the firmware isn't responding
>>>> correctly, we need to display an "Unknown" state.
>>>>
>
> i applied your patch series on linux-next-20190103. On my Raspberry Pi 3B+ (defconfig) i'm getting this from sysfs:
>
> l1tf:Not affected
> meltdown:Not affected
> spec_store_bypass:Unknown
> spectre_v1:Mitigation: __user pointer sanitization
> spectre_v2:Unknown
>
> AFAIK it has 4 Cortex-A53 cores (no PSCI firmware), so shouldn't be affected.
So, for spec_store_bypass, as you noted your getting hit by the lack of
psci/smccc to report the ssb state, and this patch is just reflecting that.
In the case of spectrev2 it may be correct to blame this patch set
because its displaying "unknown" since your core isn't in the black
list, and your core isn't new enough to have the csv2 bit indicating its
not vulnerable. In this case if we do away with the unknown state, we
should probably depend entirely on the black list and simply display
"Not affected" if the core isn't listed. (meaning we may report cores
not affected when they are missing from the blacklist).
> How can this be fixed?
For ssb, the correct answer is probably fix the firmware, but given the
situation, its likely this kind of machine is going to force an
additional MIDR list to report the state correctly. Maybe Will or
someone can chime in here?
For spectrev2, wait for another version of this patch.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-01-03 20:32 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-03 0:49 [PATCH v2 0/7] add system vulnerability sysfs entries Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 9:38 ` Greg Kroah-Hartman
2019-01-03 9:38 ` Greg Kroah-Hartman
2019-01-03 16:38 ` Jeremy Linton
2019-01-03 16:38 ` Jeremy Linton
2019-01-03 16:48 ` Greg Kroah-Hartman
2019-01-03 16:48 ` Greg Kroah-Hartman
2019-01-04 14:08 ` Dave Martin
2019-01-04 14:08 ` Dave Martin
2019-01-04 14:18 ` Greg Kroah-Hartman
2019-01-04 14:18 ` Greg Kroah-Hartman
2019-01-04 14:55 ` Will Deacon
2019-01-04 14:55 ` Will Deacon
2019-01-03 16:37 ` Dave Martin
2019-01-03 16:37 ` Dave Martin
2019-01-03 16:46 ` Jeremy Linton
2019-01-03 16:46 ` Jeremy Linton
2019-01-03 19:30 ` Stefan Wahren
2019-01-03 19:30 ` Stefan Wahren
2019-01-03 20:32 ` Jeremy Linton [this message]
2019-01-03 20:32 ` Jeremy Linton
2019-01-04 10:13 ` Will Deacon
2019-01-04 10:13 ` Will Deacon
2019-01-03 0:49 ` [PATCH v2 2/7] arm64: kpti: move check for non-vulnerable CPUs to a function Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 3/7] arm64: add sysfs vulnerability show for meltdown Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 4/7] arm64: add sysfs vulnerability show for spectre v1 Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 5/7] arm64: add sysfs vulnerability show for spectre v2 Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 6/7] arm64: add sysfs vulnerability show for speculative store bypass Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
2019-01-03 0:49 ` [PATCH v2 7/7] arm64: enable generic CPU vulnerabilites support Jeremy Linton
2019-01-03 0:49 ` Jeremy Linton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5818faa8-e820-7aee-5aaa-42ced65d6f9d@arm.com \
--to=jeremy.linton@arm.com \
--cc=Dave.Martin@arm.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=julien.thierry@arm.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=mlangsdo@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=shankerd@codeaurora.org \
--cc=stefan.wahren@i2se.com \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
--cc=ykaukab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.