* [patch V2 0/2] sysfs/cpu: Implement generic vulnerabilites directory
From: Thomas Gleixner @ 2018-01-07 21:47 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon

The meltdown/spectre vulnerabilities affect several architectures and people are asking for a common way to figure out whether a system is affected or not.

Create /sys/devices/system/cpu/vulnerabilities and the files

  /sys/devices/system/cpu/vulnerabilities/meltdown
  /sys/devices/system/cpu/vulnerabilities/spectre_v1
  /sys/devices/system/cpu/vulnerabilities/spectre_v2

Add the x86 implementation which shows:

  meltdown    Mitigation: PTI
  spectre_v1  Vulnerable
  spectre_v2  Vulnerable

On an AMD CPU the output of meltdown is:

  Not affected

If PTI is turned off and the CPU is affected by meltdown the output becomes:

  Vulnerable

That series applies on top of

  git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/pti

V1 -> V2: Add documentation and use sprintf

Thanks,

	tglx
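As an added example (not part of tglx's series or of the kernel tree), here is a small userspace checker that consumes the interface the cover letter describes: it reads every file under /sys/devices/system/cpu/vulnerabilities, parses the three documented forms ("Not affected", "Vulnerable", "Mitigation: $M") and treats a file it cannot open or cannot parse as unknown rather than as safe. Only the directory path and the three output strings come from the patch; the function names, buffer sizes and exit codes are this example's own choices.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Added example checker (not part of the patch series). The directory and
 * the line formats come from the patch; all names below are this example's. */
#define VULN_DIR "/sys/devices/system/cpu/vulnerabilities"
#define MITIGATION_PREFIX "Mitigation: "

enum vuln_state {
	VULN_UNKNOWN,		/* file missing, unreadable or unrecognised text */
	VULN_NOT_AFFECTED,
	VULN_VULNERABLE,
	VULN_MITIGATED,
};

/* Parse one line as written by cpu_show_*(). On VULN_MITIGATED the name
 * ($M in the ABI text) is copied into mit (if non-NULL), newline stripped. */
enum vuln_state parse_vuln_line(const char *line, char *mit, size_t mitlen)
{
	size_t n = strcspn(line, "\n");
	size_t plen = strlen(MITIGATION_PREFIX);

	if (mit && mitlen)
		mit[0] = '\0';
	if (n == strlen("Not affected") && !strncmp(line, "Not affected", n))
		return VULN_NOT_AFFECTED;
	if (n == strlen("Vulnerable") && !strncmp(line, "Vulnerable", n))
		return VULN_VULNERABLE;
	if (n > plen && !strncmp(line, MITIGATION_PREFIX, plen)) {
		if (mit && mitlen) {
			size_t len = n - plen;

			if (len >= mitlen)
				len = mitlen - 1;
			memcpy(mit, line + plen, len);
			mit[len] = '\0';
		}
		return VULN_MITIGATED;
	}
	return VULN_UNKNOWN;	/* anything else is not proof of safety */
}

/* True if line reports a mitigation whose name is exactly `name`. */
int mitigation_is(const char *line, const char *name)
{
	char mit[64];

	return parse_vuln_line(line, mit, sizeof(mit)) == VULN_MITIGATED &&
	       strcmp(mit, name) == 0;
}

/* Read dir/name. A file that cannot be opened (ENOENT on an older kernel,
 * EACCES if the attributes are 0400 and we are not root) yields
 * VULN_UNKNOWN, never VULN_NOT_AFFECTED. */
enum vuln_state read_vuln_file(const char *dir, const char *name,
			       char *mit, size_t mitlen)
{
	char path[512], line[128];
	enum vuln_state st = VULN_UNKNOWN;
	FILE *f;

	if (snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int)sizeof(path))
		return VULN_UNKNOWN;
	f = fopen(path, "r");
	if (!f)
		return VULN_UNKNOWN;
	if (fgets(line, sizeof(line), f))
		st = parse_vuln_line(line, mit, mitlen);
	fclose(f);
	return st;
}

/* Print one line per file; return the count of "Vulnerable" entries, or -1
 * if the directory itself cannot be opened. */
int scan_vulnerabilities(const char *dir)
{
	static const char *const label[] = {
		"unknown (unreadable or unrecognised)", "Not affected",
		"VULNERABLE", "Mitigation",
	};
	DIR *d = opendir(dir);
	struct dirent *de;
	int vulnerable = 0;

	if (!d)
		return -1;
	while ((de = readdir(d)) != NULL) {
		char mit[64] = "";
		enum vuln_state st;

		if (de->d_name[0] == '.')
			continue;
		st = read_vuln_file(dir, de->d_name, mit, sizeof(mit));
		printf("%-12s %s%s%s\n", de->d_name, label[st],
		       st == VULN_MITIGATED ? ": " : "", mit);
		vulnerable += (st == VULN_VULNERABLE);
	}
	closedir(d);
	return vulnerable;
}

int main(void)
{
	int n = scan_vulnerabilities(VULN_DIR);

	if (n < 0) {
		perror(VULN_DIR);	/* pre-4.15 kernel or no sysfs */
		return 2;
	}
	return n ? 1 : 0;	/* 1 if anything is still Vulnerable */
}
```

Build with `cc -Wall checker.c -o checker` and run it on a kernel carrying this series: exit status 1 means at least one entry still reads Vulnerable, 2 means the directory does not exist at all. The parser deliberately rejects anything that is not exactly one of the three documented forms, so a future kernel that adds a fourth wording shows up as unknown instead of being misread; if the caller needs to tell EACCES from ENOENT when a file cannot be opened, errno is still valid right after read_vuln_file() returns.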
* [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Thomas Gleixner @ 2018-01-07 21:48 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon

As the meltdown/spectre problem affects several CPU architectures, it makes sense to have a common way to express whether a system is affected by a particular vulnerability or not. If affected, the way to express the mitigation should be common as well.

Create /sys/devices/system/cpu/vulnerabilities folder and files for meltdown, spectre_v1 and spectre_v2.

Allow architectures to override the show function.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
--- Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +++++++ drivers/base/Kconfig | 3 + drivers/base/cpu.c | 48 +++++++++++++++++++++ include/linux/cpu.h | 7 +++ 4 files changed, 74 insertions(+) --- a/Documentation/ABI/testing/sysfs-devices-system-cpu +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -373,3 +373,19 @@ Contact: Linux kernel mailing list <linu Description: information about CPUs heterogeneity. cpu_capacity: capacity of cpu#. + +What: /sys/devices/system/cpu/vulnerabilities + /sys/devices/system/cpu/vulnerabilities/meltdown + /sys/devices/system/cpu/vulnerabilities/spectre_v1 + /sys/devices/system/cpu/vulnerabilities/spectre_v2 +Date: Januar 2018 +Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> +Description: Information about CPU vulnerabilities + + The files are named after the code names of CPU + vulnerabilities. The output of those files reflects the + state of the CPUs in the system. Possible output values: + + "Not affected" CPU is not affected by the vulnerability + "Vulnerable" CPU is affected and no mitigation in effect + "Mitigation: $M" CPU is affetcted and mitigation $M is in effect --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig @@ -235,6 +235,9 @@ config GENERIC_CPU_DEVICES config GENERIC_CPU_AUTOPROBE bool +config GENERIC_CPU_VULNERABILITIES + bool + config SOC_BUS bool select GLOB --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c 
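Review bot: two typos in the new ABI entry: "Date: Januar 2018" should read "January 2018" and "CPU is affetcted" should read "CPU is affected". The description also says the output "reflects the state of the CPUs in the system", but with the __weak defaults in drivers/base/cpu.c an architecture that selects GENERIC_CPU_VULNERABILITIES and does not override a cpu_show_*() function reports "Not affected"; either say in the ABI text that "Not affected" is also what a missing per-architecture implementation produces, or change that default, so consumers do not read silence as safety.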
@@ -501,10 +501,58 @@ static void __init cpu_dev_register_gene #endif } +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES + +ssize_t __weak cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +ssize_t __weak cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +ssize_t __weak cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); + +static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_meltdown.attr, + &dev_attr_spectre_v1.attr, + &dev_attr_spectre_v2.attr, + NULL +}; + +static const struct attribute_group cpu_root_vulnerabilities_group = { + .name = "vulnerabilities", + .attrs = cpu_root_vulnerabilities_attrs, +}; + +static void __init cpu_register_vulnerabilities(void) +{ + if (sysfs_create_group(&cpu_subsys.dev_root->kobj, + &cpu_root_vulnerabilities_group)) + pr_err("Unable to register CPU vulnerabilities\n"); +} + +#else +static inline void cpu_register_vulnerabilities(void) { } +#endif + void __init cpu_dev_init(void) { if (subsys_system_register(&cpu_subsys, cpu_root_attr_groups)) panic("Failed to register CPU subsystem"); cpu_dev_register_generic(); + cpu_register_vulnerabilities(); } --- a/include/linux/cpu.h +++ b/include/linux/cpu.h 
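Review bot: the __weak fallbacks return "Not affected", so an architecture that selects GENERIC_CPU_VULNERABILITIES but forgets to implement one of cpu_show_meltdown()/cpu_show_spectre_v1()/cpu_show_spectre_v2() silently reports itself as safe; a default of "Unknown", or no fallback at all so the link fails, would make the gap visible. The three DEVICE_ATTR() lines use mode 0444, which lets any unprivileged user read exactly which mitigation is missing, information that dmesg and /boot are already kept from them on hardened systems; 0400 would match that. Minor: cpu_register_vulnerabilities() only pr_err()s when sysfs_create_group() fails, which is acceptable since the CPU subsystem itself is already registered at that point.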
@@ -47,6 +47,13 @@ extern void cpu_remove_dev_attr(struct d extern int cpu_add_dev_attr_group(struct attribute_group *attrs); extern void cpu_remove_dev_attr_group(struct attribute_group *attrs); +extern ssize_t cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf); +extern ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf); +extern ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf); + extern __printf(4, 5) struct device *cpu_device_create(struct device *parent, void *drvdata, const struct attribute_group **groups, ^ permalink raw reply [flat|nested] 21+ messages in thread
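Review bot: style point: the three extern declarations are added unconditionally while the only generic definitions (the __weak ones in drivers/base/cpu.c) sit under CONFIG_GENERIC_CPU_VULNERABILITIES; wrapping the prototypes in the same #ifdef, or adding a comment saying which Kconfig symbol an architecture must select and which of these functions it may override, would make the contract explicit to the next architecture that wires this up.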
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner @ 2018-01-07 22:14 ` Konrad Rzeszutek Wilk 2018-01-08 6:53 ` Greg Kroah-Hartman ` (4 subsequent siblings) 5 siblings, 0 replies; 21+ messages in thread From: Konrad Rzeszutek Wilk @ 2018-01-07 22:14 UTC (permalink / raw) To: Thomas Gleixner Cc: LKML, Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote: > As the meltdown/spectre problem affects several CPU architectures, it makes > sense to have common way to express whether a system is affected by a > particular vulnerability or not. If affected the way to express the > mitigation should be common as well. > > Create /sys/devices/system/cpu/vulnerabilities folder and files for > meltdown, spectre_v1 and spectre_v2. > > Allow architectures to override the show function. > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > --- > Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +++++++ > drivers/base/Kconfig | 3 + > drivers/base/cpu.c | 48 +++++++++++++++++++++ > include/linux/cpu.h | 7 +++ > 4 files changed, 74 insertions(+) > > --- a/Documentation/ABI/testing/sysfs-devices-system-cpu > +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu 
> @@ -373,3 +373,19 @@ Contact: Linux kernel mailing list <linu > Description: information about CPUs heterogeneity. > > cpu_capacity: capacity of cpu#. > + > +What: /sys/devices/system/cpu/vulnerabilities > + /sys/devices/system/cpu/vulnerabilities/meltdown > + /sys/devices/system/cpu/vulnerabilities/spectre_v1 > + /sys/devices/system/cpu/vulnerabilities/spectre_v2 > +Date: Januar 2018 s/Januar/January/ and with that Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Thank you! > +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES > + > +ssize_t __weak cpu_show_meltdown(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} > + > +ssize_t __weak cpu_show_spectre_v1(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} > + > +ssize_t __weak cpu_show_spectre_v2(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} > + > +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); > +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); > +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); > + > +static struct attribute *cpu_root_vulnerabilities_attrs[] = { > + &dev_attr_meltdown.attr, > + &dev_attr_spectre_v1.attr, > + &dev_attr_spectre_v2.attr, > + NULL > +}; > + > +static const struct attribute_group cpu_root_vulnerabilities_group = { > + .name = "vulnerabilities", > + .attrs = cpu_root_vulnerabilities_attrs, > +}; > + > +static void __init cpu_register_vulnerabilities(void) > +{ > + if (sysfs_create_group(&cpu_subsys.dev_root->kobj, > + &cpu_root_vulnerabilities_group)) > + pr_err("Unable to register CPU vulnerabilities\n"); > +} > + > +#else > +static inline void cpu_register_vulnerabilities(void) { } > +#endif > + > void __init cpu_dev_init(void) > { > if (subsys_system_register(&cpu_subsys, cpu_root_attr_groups)) > panic("Failed to register CPU 
subsystem"); > > cpu_dev_register_generic(); > + cpu_register_vulnerabilities(); > } > --- a/include/linux/cpu.h > +++ b/include/linux/cpu.h > @@ -47,6 +47,13 @@ extern void cpu_remove_dev_attr(struct d > extern int cpu_add_dev_attr_group(struct attribute_group *attrs); > extern void cpu_remove_dev_attr_group(struct attribute_group *attrs); > > +extern ssize_t cpu_show_meltdown(struct device *dev, > + struct device_attribute *attr, char *buf); > +extern ssize_t cpu_show_spectre_v1(struct device *dev, > + struct device_attribute *attr, char *buf); > +extern ssize_t cpu_show_spectre_v2(struct device *dev, > + struct device_attribute *attr, char *buf); > + > extern __printf(4, 5) > struct device *cpu_device_create(struct device *parent, void *drvdata, > const struct attribute_group **groups, > > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner 2018-01-07 22:14 ` Konrad Rzeszutek Wilk @ 2018-01-08 6:53 ` Greg Kroah-Hartman 2018-01-08 7:29 ` Dominik Brodowski ` (3 subsequent siblings) 5 siblings, 0 replies; 21+ messages in thread From: Greg Kroah-Hartman @ 2018-01-08 6:53 UTC (permalink / raw) To: Thomas Gleixner Cc: LKML, Linus Torvalds, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote: > As the meltdown/spectre problem affects several CPU architectures, it makes > sense to have common way to express whether a system is affected by a > particular vulnerability or not. If affected the way to express the > mitigation should be common as well. > > Create /sys/devices/system/cpu/vulnerabilities folder and files for > meltdown, spectre_v1 and spectre_v2. > > Allow architectures to override the show function. > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Thanks for the documentation update, looks good to me: Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner 2018-01-07 22:14 ` Konrad Rzeszutek Wilk 2018-01-08 6:53 ` Greg Kroah-Hartman @ 2018-01-08 7:29 ` Dominik Brodowski 2018-01-08 7:33 ` Thomas Gleixner 2018-01-08 10:16 ` [tip:x86/pti] " tip-bot for Thomas Gleixner ` (2 subsequent siblings) 5 siblings, 1 reply; 21+ messages in thread From: Dominik Brodowski @ 2018-01-08 7:29 UTC (permalink / raw) To: Thomas Gleixner Cc: LKML, Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote: > As the meltdown/spectre problem affects several CPU architectures, it makes > sense to have common way to express whether a system is affected by a > particular vulnerability or not. If affected the way to express the > mitigation should be common as well. > > Create /sys/devices/system/cpu/vulnerabilities folder and files for > meltdown, spectre_v1 and spectre_v2. > > Allow architectures to override the show function. > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > --- > Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +++++++ > drivers/base/Kconfig | 3 + > drivers/base/cpu.c | 48 +++++++++++++++++++++ > include/linux/cpu.h | 7 +++ > 4 files changed, 74 insertions(+) > > --- a/Documentation/ABI/testing/sysfs-devices-system-cpu > +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu 
> @@ -373,3 +373,19 @@ Contact: Linux kernel mailing list <linu > Description: information about CPUs heterogeneity. > > cpu_capacity: capacity of cpu#. > + > +What: /sys/devices/system/cpu/vulnerabilities > + /sys/devices/system/cpu/vulnerabilities/meltdown > + /sys/devices/system/cpu/vulnerabilities/spectre_v1 > + /sys/devices/system/cpu/vulnerabilities/spectre_v2 > +Date: Januar 2018 > +Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> > +Description: Information about CPU vulnerabilities > + > + The files are named after the code names of CPU > + vulnerabilities. The output of those files reflects the > + state of the CPUs in the system. Currently, your code sets X86_BUG_SPECTRE_V[12] unconditionally on x86 CPUs. However, to my understanding some CPUs which do not execute code out-of-order aren't affected. As it is better to err on the safe side for now, what about adding a disclaimer at the end of this sentence, such as: ", but may contain false positives" Thanks, Dominik ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-08 7:29 ` Dominik Brodowski @ 2018-01-08 7:33 ` Thomas Gleixner 0 siblings, 0 replies; 21+ messages in thread From: Thomas Gleixner @ 2018-01-08 7:33 UTC (permalink / raw) To: Dominik Brodowski Cc: LKML, Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On Mon, 8 Jan 2018, Dominik Brodowski wrote: > On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote: > > As the meltdown/spectre problem affects several CPU architectures, it makes > > sense to have common way to express whether a system is affected by a > > particular vulnerability or not. If affected the way to express the > > mitigation should be common as well. > > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for > > meltdown, spectre_v1 and spectre_v2. > > > > Allow architectures to override the show function. > > > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > > --- > > Documentation/ABI/testing/sysfs-devices-system-cpu | 16 +++++++ > > drivers/base/Kconfig | 3 + > > drivers/base/cpu.c | 48 +++++++++++++++++++++ > > include/linux/cpu.h | 7 +++ > > 4 files changed, 74 insertions(+) > > > > --- a/Documentation/ABI/testing/sysfs-devices-system-cpu > > +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu 
> > @@ -373,3 +373,19 @@ Contact: Linux kernel mailing list <linu > > Description: information about CPUs heterogeneity. > > > > cpu_capacity: capacity of cpu#. > > + > > +What: /sys/devices/system/cpu/vulnerabilities > > + /sys/devices/system/cpu/vulnerabilities/meltdown > > + /sys/devices/system/cpu/vulnerabilities/spectre_v1 > > + /sys/devices/system/cpu/vulnerabilities/spectre_v2 > > +Date: Januar 2018 > > +Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> > > +Description: Information about CPU vulnerabilities > > + > > + The files are named after the code names of CPU > > + vulnerabilities. The output of those files reflects the > > + state of the CPUs in the system. > > Currently, your code sets X86_BUG_SPECTRE_V[12] unconditionally on x86 > CPUs. However, to my understanding some CPUs which do not execute code > out-of-order aren't affected. As it is better to err on the safe side for > now, what about adding a disclaimer at the end of this sentence, such as: > > ", but may contain false positives" We do that in the same way as we did with BUG_INSECURE (now MELTDOWN). Err out on the safe side and get the exceptions in place when people are confident about them. It's not going to take long I assume. Thanks, tglx ^ permalink raw reply [flat|nested] 21+ messages in thread
* [tip:x86/pti] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner ` (2 preceding siblings ...) 2018-01-08 7:29 ` Dominik Brodowski @ 2018-01-08 10:16 ` tip-bot for Thomas Gleixner 2018-01-26 16:23 ` [patch V2 1/2] " Andrea Arcangeli 2018-01-29 5:30 ` Jon Masters 5 siblings, 0 replies; 21+ messages in thread From: tip-bot for Thomas Gleixner @ 2018-01-08 10:16 UTC (permalink / raw) To: linux-tip-commits Cc: linux-kernel, dwmw, will.deacon, peterz, dave.hansen, hpa, bp, torvalds, mingo, gregkh, konrad.wilk, tglx Commit-ID: 87590ce6e373d1a5401f6539f0c59ef92dd924a9 Gitweb: https://git.kernel.org/tip/87590ce6e373d1a5401f6539f0c59ef92dd924a9 Author: Thomas Gleixner <tglx@linutronix.de> AuthorDate: Sun, 7 Jan 2018 22:48:00 +0100 Committer: Thomas Gleixner <tglx@linutronix.de> CommitDate: Mon, 8 Jan 2018 11:10:33 +0100 sysfs/cpu: Add vulnerability folder As the meltdown/spectre problem affects several CPU architectures, it makes sense to have common way to express whether a system is affected by a particular vulnerability or not. If affected the way to express the mitigation should be common as well. Create /sys/devices/system/cpu/vulnerabilities folder and files for meltdown, spectre_v1 and spectre_v2. Allow architectures to override the show function. 
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Will Deacon <will.deacon@arm.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Cc: Borislav Petkov <bp@alien8.de> Cc: David Woodhouse <dwmw@amazon.co.uk> Link: https://lkml.kernel.org/r/20180107214913.096657732@linutronix.de --- Documentation/ABI/testing/sysfs-devices-system-cpu | 16 ++++++++ drivers/base/Kconfig | 3 ++ drivers/base/cpu.c | 48 ++++++++++++++++++++++ include/linux/cpu.h | 7 ++++ 4 files changed, 74 insertions(+) diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu index f3d5817..bd3a88e 100644 --- a/Documentation/ABI/testing/sysfs-devices-system-cpu +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu @@ -373,3 +373,19 @@ Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> Description: information about CPUs heterogeneity. cpu_capacity: capacity of cpu#. + +What: /sys/devices/system/cpu/vulnerabilities + /sys/devices/system/cpu/vulnerabilities/meltdown + /sys/devices/system/cpu/vulnerabilities/spectre_v1 + /sys/devices/system/cpu/vulnerabilities/spectre_v2 +Date: Januar 2018 +Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org> +Description: Information about CPU vulnerabilities + + The files are named after the code names of CPU + vulnerabilities. The output of those files reflects the + state of the CPUs in the system. Possible output values: + + "Not affected" CPU is not affected by the vulnerability + "Vulnerable" CPU is affected and no mitigation in effect + "Mitigation: $M" CPU is affetcted and mitigation $M is in effect diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig index 2f6614c..37a71fd 100644 --- a/drivers/base/Kconfig +++ b/drivers/base/Kconfig 
@@ -235,6 +235,9 @@ config GENERIC_CPU_DEVICES config GENERIC_CPU_AUTOPROBE bool +config GENERIC_CPU_VULNERABILITIES + bool + config SOC_BUS bool select GLOB diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 321cd7b..825964e 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -501,10 +501,58 @@ static void __init cpu_dev_register_generic(void) #endif } +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES + +ssize_t __weak cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +ssize_t __weak cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +ssize_t __weak cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); + +static struct attribute *cpu_root_vulnerabilities_attrs[] = { + &dev_attr_meltdown.attr, + &dev_attr_spectre_v1.attr, + &dev_attr_spectre_v2.attr, + NULL +}; + +static const struct attribute_group cpu_root_vulnerabilities_group = { + .name = "vulnerabilities", + .attrs = cpu_root_vulnerabilities_attrs, +}; + +static void __init cpu_register_vulnerabilities(void) +{ + if (sysfs_create_group(&cpu_subsys.dev_root->kobj, + &cpu_root_vulnerabilities_group)) + pr_err("Unable to register CPU vulnerabilities\n"); +} + +#else +static inline void cpu_register_vulnerabilities(void) { } +#endif + void __init cpu_dev_init(void) { if (subsys_system_register(&cpu_subsys, cpu_root_attr_groups)) panic("Failed to register CPU subsystem"); cpu_dev_register_generic(); + cpu_register_vulnerabilities(); } diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 938ea8a..c816e6f 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h 
@@ -47,6 +47,13 @@ extern void cpu_remove_dev_attr(struct device_attribute *attr); extern int cpu_add_dev_attr_group(struct attribute_group *attrs); extern void cpu_remove_dev_attr_group(struct attribute_group *attrs); +extern ssize_t cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf); +extern ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf); +extern ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf); + extern __printf(4, 5) struct device *cpu_device_create(struct device *parent, void *drvdata, const struct attribute_group **groups, ^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner ` (3 preceding siblings ...) 2018-01-08 10:16 ` [tip:x86/pti] " tip-bot for Thomas Gleixner @ 2018-01-26 16:23 ` Andrea Arcangeli 2018-01-26 16:35 ` Greg Kroah-Hartman 2018-01-29 5:30 ` Jon Masters 5 siblings, 1 reply; 21+ messages in thread 
From: Andrea Arcangeli @ 2018-01-26 16:23 UTC
To: Thomas Gleixner
Cc: LKML, Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon, Josh Poimboeuf, Waiman Long

Hello,

On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote:
> +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
> +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
> +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);

This sysfs feature implemented as above is weakening kernel security, it should be 0400 above. It doesn't make sense to expose to luser when a software fix (or even only a software mitigation) has been disabled at build time to gain all performance back (see CONFIG_RETPOLINE=n config option).

$ cat /boot/kernel-`uname -r`
cat: /boot/kernel-4.15.0-rc9+: Permission denied
$ cat /lib/modules/`uname -r`/kernel/arch/x86/kvm/kvm.ko
cat: /lib/modules/4.15.0-rc9+/kernel/arch/x86/kvm/kvm.ko: Permission denied
$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

Noticing when cr3 is flipped in kernel/exit is easy, but noticing when the syscall table or the whole kernel has been built with retpolines is not trivial to detect. Same for variant#1.

Exploiting spectre variant#2 for an attacker is not without risk of being detected while the setup is being mounted, as the CPU load would spike for hours. I may notice if a random background network daemon suddenly starts running at 100% CPU load for hours (especially on mobile devices that would be physically noticeable).

Containers shouldn't have sysfs and you can workaround the above if you run all network daemons behind mount namespaces, but in general leaving this directory readable by luser is weakening security because it exposes when mounting a variant#2 attack can succeed.
It even tells when it is worth focusing on the syscall_table indirect call or if the attack needs to dig deeper because asm retpolines were used, but the kernel was built with a gcc without retpolines.

The only case where the above isn't weakening security is when the full fix is enabled for all the variants (and variant#1 for now just shows vulnerable..).

For the same reasons the whole directory, not just the files, should be 0500, especially if this would be used for any other equivalent issue in the future and it won't stick to these 3 files. I didn't implement that yet, because it's less urgent if nobody adds any more files soon.

From 578b411c8dcb1435dd1f94a6cd062f4eedb70fb5 Mon Sep 17 00:00:00 2001
From: Andrea Arcangeli <aarcange@redhat.com>
Date: Wed, 24 Jan 2018 19:19:36 +0100
Subject: [PATCH 1/1] x86/spectre/meltdown: avoid the vulnerability directory to weaken kernel security

If any of the fixes is disabled to gain some performance back at runtime or build time, it should not be exposed to unprivileged userland.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
--- drivers/base/cpu.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index d99038487a0d..a3a8e008f957 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -531,9 +531,9 @@ ssize_t __weak cpu_show_spectre_v2(struct device *dev, return sprintf(buf, "Not affected\n"); } -static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); -static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); -static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); +static DEVICE_ATTR(meltdown, 0400, cpu_show_meltdown, NULL); +static DEVICE_ATTR(spectre_v1, 0400, cpu_show_spectre_v1, NULL); +static DEVICE_ATTR(spectre_v2, 0400, cpu_show_spectre_v2, NULL); static struct attribute *cpu_root_vulnerabilities_attrs[] = { &dev_attr_meltdown.attr,
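Review bot: switching the three DEVICE_ATTR() modes from 0444 to 0400 protects the file contents but, as the message itself notes, leaves the vulnerabilities directory listable, so an unprivileged user can still see which entries exist; making the directory 0500 needs a change beyond these three lines, since the attribute_group in drivers/base/cpu.c only names the directory. Any unprivileged tooling that reads these files will now get EACCES and must treat that as "unknown" rather than "not affected". Minor: the hunk context sits at line 531 rather than 501 as in the original series, so this is against a later tree; the base should be stated in the description.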
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-26 16:23 ` [patch V2 1/2] " Andrea Arcangeli @ 2018-01-26 16:35 ` Greg Kroah-Hartman 0 siblings, 0 replies; 21+ messages in thread From: Greg Kroah-Hartman @ 2018-01-26 16:35 UTC (permalink / raw) To: Andrea Arcangeli Cc: Thomas Gleixner, LKML, Linus Torvalds, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon, Josh Poimboeuf, Waiman Long On Fri, Jan 26, 2018 at 05:23:31PM +0100, Andrea Arcangeli wrote: > Hello, > > On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote: > > +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); > > +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); > > +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); > > This sysfs feature implemented as above is weakening kernel security, > it should be 0400 above. See the patch from Jason A. Donenfeld <Jason@zx2c4.com> to do just that: Subject: [PATCH] cpu: do not leak vulnerabilities to unprivileged users Message-Id: <20180125120401.30596-1-Jason@zx2c4.com> I'll be queueing it up for 4.16-rc1 and backport it everywhere. thanks, greg k-h ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder 2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner ` (4 preceding siblings ...) 2018-01-26 16:23 ` [patch V2 1/2] " Andrea Arcangeli @ 2018-01-29 5:30 ` Jon Masters 5 siblings, 0 replies; 21+ messages in thread From: Jon Masters @ 2018-01-29 5:30 UTC (permalink / raw) To: Thomas Gleixner, LKML Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On 01/07/2018 04:48 PM, Thomas Gleixner wrote: > +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES > + > +ssize_t __weak cpu_show_meltdown(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} > + > +ssize_t __weak cpu_show_spectre_v1(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} > + > +ssize_t __weak cpu_show_spectre_v2(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + return sprintf(buf, "Not affected\n"); > +} Just wondering aloud (after the merge) here but shouldn't the default be "unknown", at least for Spectre? It's pervasive enough. Jon. ^ permalink raw reply [flat|nested] 21+ messages in thread
* [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions
From: Thomas Gleixner @ 2018-01-07 21:48 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon

Implement the CPU vulnerability show functions for meltdown, spectre_v1 and spectre_v2.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
--- arch/x86/Kconfig | 1 + arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -89,6 +89,7 @@ config X86 select GENERIC_CLOCKEVENTS_MIN_ADJUST select GENERIC_CMOS_UPDATE select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_FIND_FIRST_BIT select GENERIC_IOMAP --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -10,6 +10,7 @@ */ #include <linux/init.h> #include <linux/utsname.h> +#include <linux/cpu.h> #include <asm/bugs.h> #include <asm/processor.h> #include <asm/processor-flags.h>
@@ -60,3 +61,31 @@ void __init check_bugs(void) set_memory_4k((unsigned long)__va(0), 1); #endif } + +#ifdef CONFIG_SYSFS +ssize_t cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + return sprintf(buf, "Not affected\n"); + if (boot_cpu_has(X86_FEATURE_PTI)) + return sprintf(buf, "Mitigation: PTI\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} +#endif ^ permalink raw reply [flat|nested] 21+ messages in thread
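Review bot: the guard here is `#ifdef CONFIG_SYSFS`, while arch/x86/Kconfig now selects GENERIC_CPU_VULNERABILITIES unconditionally and the generic side in drivers/base/cpu.c keys on that symbol; with CONFIG_SYSFS=n the __weak "Not affected" fallbacks win on x86. Nothing is exposed without sysfs, so this is harmless today, but the two guards should agree. Also, cpu_show_spectre_v1() and cpu_show_spectre_v2() can only return "Not affected" or "Vulnerable"; once a mitigation is wired up (retpolines are already discussed in this thread) they need a "Mitigation: ..." branch like the X86_FEATURE_PTI case in cpu_show_meltdown(), otherwise a mitigated system keeps reading as Vulnerable.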
* Re: [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions 2018-01-07 21:48 ` [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions Thomas Gleixner @ 2018-01-07 22:14 ` Konrad Rzeszutek Wilk 2018-01-08 6:54 ` Greg Kroah-Hartman 2018-01-08 10:17 ` [tip:x86/pti] " tip-bot for Thomas Gleixner 2 siblings, 0 replies; 21+ messages in thread From: Konrad Rzeszutek Wilk @ 2018-01-07 22:14 UTC (permalink / raw) To: Thomas Gleixner Cc: LKML, Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon On Sun, Jan 07, 2018 at 10:48:01PM +0100, Thomas Gleixner wrote: > Implement the CPU vulnerabilty show functions for meltdown, spectre_v1 and > spectre_v2. > > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Thank you! > --- > arch/x86/Kconfig | 1 + > arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++ > 2 files changed, 30 insertions(+) > > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -89,6 +89,7 @@ config X86 > select GENERIC_CLOCKEVENTS_MIN_ADJUST > select GENERIC_CMOS_UPDATE > select GENERIC_CPU_AUTOPROBE > + select GENERIC_CPU_VULNERABILITIES > select GENERIC_EARLY_IOREMAP > select GENERIC_FIND_FIRST_BIT > select GENERIC_IOMAP > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -10,6 +10,7 @@ > */ > #include <linux/init.h> > #include <linux/utsname.h> > +#include <linux/cpu.h> > #include <asm/bugs.h> > #include <asm/processor.h> > #include <asm/processor-flags.h> 
> @@ -60,3 +61,31 @@ void __init check_bugs(void) > set_memory_4k((unsigned long)__va(0), 1); > #endif > } > + > +#ifdef CONFIG_SYSFS > +ssize_t cpu_show_meltdown(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) > + return sprintf(buf, "Not affected\n"); > + if (boot_cpu_has(X86_FEATURE_PTI)) > + return sprintf(buf, "Mitigation: PTI\n"); > + return sprintf(buf, "Vulnerable\n"); > +} > + > +ssize_t cpu_show_spectre_v1(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) > + return sprintf(buf, "Not affected\n"); > + return sprintf(buf, "Vulnerable\n"); > +} > + > +ssize_t cpu_show_spectre_v2(struct device *dev, > + struct device_attribute *attr, char *buf) > +{ > + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) > + return sprintf(buf, "Not affected\n"); > + return sprintf(buf, "Vulnerable\n"); > +} > +#endif > > ^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions
From: Greg Kroah-Hartman @ 2018-01-08 6:54 UTC (permalink / raw)
To: Thomas Gleixner
Cc: LKML, Linus Torvalds, Ingo Molnar, Peter Zijlstra, Borislav Petkov, David Woodhouse, Dave Hansen, Will Deacon
On Sun, Jan 07, 2018 at 10:48:01PM +0100, Thomas Gleixner wrote:
> Implement the CPU vulnerability show functions for meltdown, spectre_v1 and
> spectre_v2.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> ---
> arch/x86/Kconfig | 1 +
> arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++
> 2 files changed, 30 insertions(+)
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* [tip:x86/pti] x86/cpu: Implement CPU vulnerabilites sysfs functions 2018-01-07 21:48 ` [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions Thomas Gleixner 2018-01-07 22:14 ` Konrad Rzeszutek Wilk 2018-01-08 6:54 ` Greg Kroah-Hartman @ 2018-01-08 10:17 ` tip-bot for Thomas Gleixner 2 siblings, 0 replies; 21+ messages in thread From: tip-bot for Thomas Gleixner @ 2018-01-08 10:17 UTC (permalink / raw) To: linux-tip-commits Cc: torvalds, dave.hansen, peterz, gregkh, will.deacon, mingo, tglx, linux-kernel, konrad.wilk, dwmw, hpa, bp Commit-ID: 61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4 Gitweb: https://git.kernel.org/tip/61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4 Author: Thomas Gleixner <tglx@linutronix.de> AuthorDate: Sun, 7 Jan 2018 22:48:01 +0100 Committer: Thomas Gleixner <tglx@linutronix.de> CommitDate: Mon, 8 Jan 2018 11:10:40 +0100 x86/cpu: Implement CPU vulnerabilites sysfs functions Implement the CPU vulnerabilty show functions for meltdown, spectre_v1 and spectre_v2. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Will Deacon <will.deacon@arm.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Cc: Borislav Petkov <bp@alien8.de> Cc: David Woodhouse <dwmw@amazon.co.uk> Link: https://lkml.kernel.org/r/20180107214913.177414879@linutronix.de --- arch/x86/Kconfig | 1 + arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index cd5199d..e23d21a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -89,6 +89,7 @@ config X86 select GENERIC_CLOCKEVENTS_MIN_ADJUST select GENERIC_CMOS_UPDATE select GENERIC_CPU_AUTOPROBE + select GENERIC_CPU_VULNERABILITIES select GENERIC_EARLY_IOREMAP select GENERIC_FIND_FIRST_BIT select GENERIC_IOMAP 
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index ba0b242..76ad6cb 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -10,6 +10,7 @@ */ #include <linux/init.h> #include <linux/utsname.h> +#include <linux/cpu.h> #include <asm/bugs.h> #include <asm/processor.h> #include <asm/processor-flags.h> @@ -60,3 +61,31 @@ void __init check_bugs(void) set_memory_4k((unsigned long)__va(0), 1); #endif } + +#ifdef CONFIG_SYSFS +ssize_t cpu_show_meltdown(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + return sprintf(buf, "Not affected\n"); + if (boot_cpu_has(X86_FEATURE_PTI)) + return sprintf(buf, "Mitigation: PTI\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v1(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} + +ssize_t cpu_show_spectre_v2(struct device *dev, + struct device_attribute *attr, char *buf) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) + return sprintf(buf, "Not affected\n"); + return sprintf(buf, "Vulnerable\n"); +} +#endif ^ permalink raw reply related [flat|nested] 21+ messages in thread
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Alexey Dobriyan @ 2018-01-07 22:22 UTC (permalink / raw)
To: tglx; +Cc: linux-kernel
Thomas Gleixner wrote:
> Create /sys/devices/system/cpu/vulnerabilities folder and files for
> meltdown, spectre_v1 and spectre_v2.
It is called "grep -e '^bugs' /proc/cpuinfo".
kpti is deducible from .config and /proc/cmdline.
If people don't know what .config they are running, god bless them.
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Konrad Rzeszutek Wilk @ 2018-01-08 3:50 UTC (permalink / raw)
To: Alexey Dobriyan; +Cc: tglx, linux-kernel
On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
> Thomas Gleixner wrote:
> > Create /sys/devices/system/cpu/vulnerabilities folder and files for
> > meltdown, spectre_v1 and spectre_v2.
>
> It is called "grep -e '^bugs' /proc/cpuinfo".
>
> kpti is deducible from .config and /proc/cmdline.
> If people don't know what .config they are running, god bless them.
It is not just for meltdown (kpti). You also have retpoline and IBRS,
which are for spectre.
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Alexey Dobriyan @ 2018-01-08 5:35 UTC (permalink / raw)
To: Konrad Rzeszutek Wilk; +Cc: tglx, linux-kernel
On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
> On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
> > Thomas Gleixner wrote:
> > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
> > > meltdown, spectre_v1 and spectre_v2.
> >
> > It is called "grep -e '^bugs' /proc/cpuinfo".
> >
> > kpti is deducible from .config and /proc/cmdline.
> > If people don't know what .config they are running, god bless them.
>
> It is not just for meltdown (kpti). You also have retpoline and IBRS,
> which are for spectre.
If you, as a kernel developer, are sure that the bug is properly mitigated
to the best of your knowledge, then clear the bit from the bug mask.
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Thomas Gleixner @ 2018-01-08 9:36 UTC (permalink / raw)
To: Alexey Dobriyan; +Cc: Konrad Rzeszutek Wilk, linux-kernel
On Mon, 8 Jan 2018, Alexey Dobriyan wrote:
> On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
> > On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
> > > Thomas Gleixner wrote:
> > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
> > > > meltdown, spectre_v1 and spectre_v2.
> > >
> > > It is called "grep -e '^bugs' /proc/cpuinfo".
> > >
> > > kpti is deducible from .config and /proc/cmdline.
> > > If people don't know what .config they are running, god bless them.
> >
> > It is not just for meltdown (kpti). You also have retpoline and IBRS,
> > which are for spectre.
>
> If you, as a kernel developer, are sure that the bug is properly mitigated
> to the best of your knowledge, then clear the bit from the bug mask.
Nope. The CPU is still buggy and does not become less so because we set a
mitigation into effect.
Thanks,
tglx
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Alexey Dobriyan @ 2018-01-08 10:30 UTC (permalink / raw)
To: Thomas Gleixner; +Cc: Konrad Rzeszutek Wilk, linux-kernel
On 1/8/18, Thomas Gleixner <tglx@linutronix.de> wrote:
> On Mon, 8 Jan 2018, Alexey Dobriyan wrote:
>> On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
>> > On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
>> > > Thomas Gleixner wrote:
>> > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
>> > > > meltdown, spectre_v1 and spectre_v2.
>> > >
>> > > It is called "grep -e '^bugs' /proc/cpuinfo".
>> > >
>> > > kpti is deducible from .config and /proc/cmdline.
>> > > If people don't know what .config they are running, god bless them.
>> >
>> > It is not just for meltdown (kpti). You also have retpoline and IBRS,
>> > which are for spectre.
>>
>> If you, as a kernel developer, are sure that the bug is properly mitigated
>> to the best of your knowledge, then clear the bit from the bug mask.
>
> Nope. The CPU is still buggy and does not become less so because we set a
> mitigation into effect.
There is no reason why these files should exist, both technical and non-technical.
1) The /proc/cpuinfo bugs section is time honored; this is where F00F and FDIV lived.
2) Marketing monikers are used; they are for hype, leave them to journalists.
I read both papers and the bugs are cool, but I have no clue which name is which bug (and which variant!) because they are very meaningless by themselves.
3) You're placing the kernel on the hook for explaining to users who is vulnerable. But the kernel is not vulnerable!
CPU vendors should put up a page and distros refer to those pages.
Then it is business as usual: write an advisory, give instructions on how to enable KPTI, give instructions on how to get new microcode and verify by checking for new flags in /proc/cpuinfo, give instructions for using new compiler flags.
4) defaults
The default is "Not affected", which is easily incorrect as nobody knows what CPU manufacturers are doing. Might as well say "Contact your CPU vendor for more information". At this point the file becomes meaningless.
5) It is not clear what the fuss is all about.
There is no file which lists every mitigation (LIST_POISON, refcounting, SLAB randomization, ASLR/KASLR etc.), there is no reason to start now.
This is becoming WSJ-driven development (in the wide sense of the word).
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Alan Cox @ 2018-01-08 11:54 UTC (permalink / raw)
To: Alexey Dobriyan; +Cc: Konrad Rzeszutek Wilk, tglx, linux-kernel
On Mon, 8 Jan 2018 08:35:14 +0300
Alexey Dobriyan <adobriyan@gmail.com> wrote:
> On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
> > On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
> > > Thomas Gleixner wrote:
> > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
> > > > meltdown, spectre_v1 and spectre_v2.
> > >
> > > It is called "grep -e '^bugs' /proc/cpuinfo".
> > >
> > > kpti is deducible from .config and /proc/cmdline.
> > > If people don't know what .config they are running, god bless them.
> >
> > It is not just for meltdown (kpti). You also have retpoline and IBRS,
> > which are for spectre.
>
> If you, as a kernel developer, are sure that the bug is properly mitigated
> to the best of your knowledge, then clear the bit from the bug mask.
It's probably useful to have the mitigation status somewhere because that
is what most people will care about. Both pieces of information are
needed though.
Alan
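As an added example that is not from the thread or the kernel tree: a small POSIX shell check that consumes the interface this series proposes together with the /proc/cpuinfo bugs line, so that both pieces of information Alan asks for (is the CPU affected, is a kernel mitigation active) end up in one report. The sysfs path and the three output strings are those the series defines; the sample directory and file contents are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the thread. Reads one file per vulnerability
# ("Not affected", "Mitigation: <name>" or "Vulnerable") and the "bugs" line
# of /proc/cpuinfo; the inputs below are constructed, not captured.

# Map one sysfs file's text to a single status word.
classify_status() {
    case "$1" in
        "Not affected")  echo ok ;;
        "Mitigation: "*) echo mitigated ;;
        "Vulnerable")    echo vulnerable ;;
        *)               echo unknown ;;    # unfamiliar format: do not guess
    esac
}

# Print "<file> <status> <raw text>" for every file in a vulnerabilities
# directory (default: the real sysfs path). Returns 1 if any file reads
# "Vulnerable", so the function can gate a hardening check.
report_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        text="$(cat "$f")"
        cls="$(classify_status "$text")"
        [ "$cls" = vulnerable ] && rc=1
        printf '%s %s %s\n' "$(basename "$f")" "$cls" "$text"
    done
    return "$rc"
}

# Fallback for kernels without the sysfs directory: the CPU bug bits that
# /proc/cpuinfo already exposes (first CPU only). This says which bugs the
# CPU has, but nothing about whether the kernel mitigates them.
cpuinfo_bugs() {
    sed -n 's/^bugs[[:space:]]*:[[:space:]]*//p' "${1:-/proc/cpuinfo}" | head -n 1
}

# --- constructed sample input mirroring the x86 output quoted in the cover letter ---
SAMPLE="$(mktemp -d)"
mkdir -p "$SAMPLE/vulnerabilities"
printf 'Mitigation: PTI\n' > "$SAMPLE/vulnerabilities/meltdown"
printf 'Vulnerable\n'      > "$SAMPLE/vulnerabilities/spectre_v1"
printf 'Vulnerable\n'      > "$SAMPLE/vulnerabilities/spectre_v2"
printf 'flags\t\t: fpu vme de pse\nbugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n' \
    > "$SAMPLE/cpuinfo"

report_vulns "$SAMPLE/vulnerabilities" || echo "unmitigated CPU bug present"
echo "cpuinfo bugs: $(cpuinfo_bugs "$SAMPLE/cpuinfo")"
```

Run without arguments on a kernel carrying this series, `report_vulns` reads the real sysfs directory; on an older kernel only `cpuinfo_bugs` has anything to say.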
* Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
From: Alexey Dobriyan @ 2018-01-08 18:04 UTC (permalink / raw)
To: Alan Cox; +Cc: Konrad Rzeszutek Wilk, tglx, linux-kernel
On Mon, Jan 08, 2018 at 11:54:54AM +0000, Alan Cox wrote:
> On Mon, 8 Jan 2018 08:35:14 +0300
> Alexey Dobriyan <adobriyan@gmail.com> wrote:
> > On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
> > > On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
> > > > Thomas Gleixner wrote:
> > > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
> > > > > meltdown, spectre_v1 and spectre_v2.
> > > >
> > > > It is called "grep -e '^bugs' /proc/cpuinfo".
> > > >
> > > > kpti is deducible from .config and /proc/cmdline.
> > > > If people don't know what .config they are running, god bless them.
> > >
> > > It is not just for meltdown (kpti). You also have retpoline and IBRS,
> > > which are for spectre.
> >
> > If you, as a kernel developer, are sure that the bug is properly mitigated
> > to the best of your knowledge, then clear the bit from the bug mask.
>
> It's probably useful to have the mitigation status somewhere because that
> is what most people will care about. Both pieces of information are
> needed though.
Then the proper way for mainline is Documentation/. The kernel doesn't announce many things such as ASLR; it simply enables it by default.
Real checks are done by disassembly and verifying that the generated code does what's necessary anyway. But the dumbed-down version doesn't need a runtime file in sysfs; an internet page somewhere (kernel.org gitweb interface) should be enough.