From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx2.suse.de ([195.135.220.15]) by Galois.linutronix.de with esmtps (TLS1.0:DHE_RSA_CAMELLIA_256_CBC_SHA1:256) (Exim 4.80) (envelope-from ) id 1fLcAB-0003Iw-Uh for speck@linutronix.de; Thu, 24 May 2018 00:23:21 +0200 Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id B1119AE6C for ; Wed, 23 May 2018 22:23:14 +0000 (UTC) Date: Thu, 24 May 2018 00:22:46 +0200 From: Borislav Petkov Subject: [MODERATED] Re: [PATCH v5 5/8] L1TFv4 0 Message-ID: <20180523222246.GC25143@pd.tnic> References: <20180523215658.63CAB61104@crypto-ml.lab.linutronix.de> MIME-Version: 1.0 In-Reply-To: <20180523215658.63CAB61104@crypto-ml.lab.linutronix.de> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable To: speck@linutronix.de List-ID: On Wed, May 23, 2018 at 02:51:22PM -0700, speck for Andi Kleen wrote: > From: Andi Kleen > Subject: x86, l1tf: Add sysfs reporting for l1tf >=20 > L1TF core kernel workarounds are cheap and normally always enabled, > However we still want to report in sysfs if the system is vulnerable > or mitigated. Add the necessary checks. >=20 > - We use the same checks as Meltdown to determine if the system is > vulnerable. This excludes some Atom CPUs which don't have this > problem. > - We check for the (very unlikely) memory > MAX_PA/2 case > - We check for 32bit non PAE and warn >=20 > Note this patch will likely conflict with some other workaround patches > floating around, but should be straight forward to fix. ... > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 7416fc206b4a..6b557f069a6f 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -707,4 +707,15 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev,= struct device_attribute * > { > return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS); > } > + > +ssize_t cpu_show_l1tf(struct device *dev, struct device_attribute *attr, c= har *buf) > +{ > + if (!boot_cpu_has_bug(X86_BUG_L1TF)) > + return sprintf(buf, "Not affected\n"); In your other patches you should test the bug flag X86_BUG_L1TF like here, not with boot_cpu_has(). It works now but we might enforce it someday. > + > + if (boot_cpu_has(X86_FEATURE_L1TF_WA)) > + return sprintf(buf, "Mitigated\n"); > + > + return sprintf(buf, "Vulnerable\n"); > +} Make that cpu_show_l1tf() call cpu_show_common() like the others do. --=20 Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imend=C3=B6rffer, Jane Smithard, Graham Norton, HR= B 21284 (AG N=C3=BCrnberg) --=20