* [patch 0/2] sysfs/cpu: Implement generic vulnerabilites directory
From: Thomas Gleixner @ 2018-01-07 20:57 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra,
Borislav Petkov, David Woodhouse, Hansen, Dave
The meltdown/spectre vulnerabilities affect several architectures and
people are asking for a common way to figure out whether a system is
affected or not.

Create

  /sys/devices/system/cpu/vulnerabilities

and the files

  /sys/devices/system/cpu/vulnerabilities/meltdown
  /sys/devices/system/cpu/vulnerabilities/spectre_v1
  /sys/devices/system/cpu/vulnerabilities/spectre_v2

Add the x86 implementation which shows:

  meltdown    Mitigation: PTI
  spectre_v1  Vulnerable
  spectre_v1  Vulnerable

On an AMD CPU the output of meltdown is: Not affected.

If PTI is turned off and the CPU is affected by meltdown the output
becomes: Vulnerable

That series applies on top of

  git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/pti

Thanks,

	tglx
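
A userspace consumer of the interface described in the cover letter above, as an added example that is not part of the original thread or the kernel's own code: it reads the three files, maps the status strings quoted in the cover letter to states, and treats a missing file as unknown rather than unaffected. The function names and the constructed sample tree are assumptions of the example.

```python
"""Added example: classify the status strings this series exposes in sysfs."""
import os
import tempfile

# File names and status strings are the ones named in this thread.
FILES = ("meltdown", "spectre_v1", "spectre_v2")

def classify(text):
    """Map one file's content to a (state, detail) pair."""
    line = text.strip()
    if line == "Not affected":
        return ("not_affected", "")
    if line == "Vulnerable":
        return ("vulnerable", "")
    if line.startswith("Mitigation:"):
        return ("mitigated", line[len("Mitigation:"):].strip())
    # Anything else is reported as unknown rather than guessed at.
    return ("unknown", line)

def read_status(root="/sys/devices/system/cpu/vulnerabilities"):
    """Return {name: (state, detail)}; a missing file or directory is 'unknown'."""
    result = {}
    for name in FILES:
        try:
            with open(os.path.join(root, name), encoding="ascii", errors="replace") as fh:
                result[name] = classify(fh.read())
        except OSError:
            # Kernel without this interface: absence is not "Not affected".
            result[name] = ("unknown", "file not present")
    return result

def needs_attention(status):
    """Names whose state is neither 'not_affected' nor 'mitigated'."""
    return sorted(n for n, (state, _) in status.items()
                  if state not in ("not_affected", "mitigated"))

def demo():
    """Build a constructed sysfs-like tree with x86 output from the cover letter."""
    root = tempfile.mkdtemp()
    sample = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}
    for name, content in sample.items():  # spectre_v2 deliberately left out
        with open(os.path.join(root, name), "w") as fh:
            fh.write(content)
    return read_status(root)

if __name__ == "__main__":
    print(needs_attention(demo()))
```
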
* [patch 1/2] sysfs/cpu: Add vulnerability folder
From: Thomas Gleixner @ 2018-01-07 20:57 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra,
Borislav Petkov, David Woodhouse, Hansen, Dave
[-- Attachment #1: sysfs-cpu--Add-vulnerability-folder.patch --]
[-- Type: text/plain, Size: 3278 bytes --]
As the meltdown/spectre problem affects several CPU architectures, it makes
sense to have a common way to express whether a system is affected by a
particular vulnerability or not. If affected the way to express the
mitigation should be common as well.

Create /sys/devices/system/cpu/vulnerabilities folder and files for
meltdown, spectre_v1 and spectre_v2.

Allow architectures to override the show function.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
drivers/base/Kconfig | 3 +++
drivers/base/cpu.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/cpu.h | 7 +++++++
3 files changed, 58 insertions(+)
--- a/drivers/base/Kconfig
+++ b/drivers/base/Kconfig
@@ -235,6 +235,9 @@ config GENERIC_CPU_DEVICES
config GENERIC_CPU_AUTOPROBE
bool
+config GENERIC_CPU_VULNERABILITIES
+ bool
+
config SOC_BUS
bool
select GLOB
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -501,10 +501,58 @@ static void __init cpu_dev_register_gene
#endif
}
+#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
+
+ssize_t __weak cpu_show_meltdown(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+}
+
+ssize_t __weak cpu_show_spectre_v1(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+}
+
+ssize_t __weak cpu_show_spectre_v2(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+}
+
+static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
+static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
+static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
+
+static struct attribute *cpu_root_vulnerabilities_attrs[] = {
+ &dev_attr_meltdown.attr,
+ &dev_attr_spectre_v1.attr,
+ &dev_attr_spectre_v2.attr,
+ NULL
+};
+
+static const struct attribute_group cpu_root_vulnerabilities_group = {
+ .name = "vulnerabilities",
+ .attrs = cpu_root_vulnerabilities_attrs,
+};
+
+static void __init cpu_register_vulnerabilities(void)
+{
+ if (sysfs_create_group(&cpu_subsys.dev_root->kobj,
+ &cpu_root_vulnerabilities_group))
+ pr_err("Unable to register CPU vulnerabilities\n");
+}
+
+#else
+static inline void cpu_register_vulnerabilities(void) { }
+#endif
+
void __init cpu_dev_init(void)
{
if (subsys_system_register(&cpu_subsys, cpu_root_attr_groups))
panic("Failed to register CPU subsystem");
cpu_dev_register_generic();
+ cpu_register_vulnerabilities();
}
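Review bot: The three __weak defaults (cpu_show_meltdown(), cpu_show_spectre_v1(), cpu_show_spectre_v2()) all print "Not affected", so an architecture that selects GENERIC_CPU_VULNERABILITIES but overrides only some of them reports the others as unaffected without any CPU check having run. Either state at the weak definitions that selecting the option means implementing all three, or make the fallback a string that does not claim a result. Separately, cpu_register_vulnerabilities() only logs with pr_err() when sysfs_create_group() fails, so userspace then sees no vulnerabilities directory at all; the ABI documentation should say that a missing directory or file means the state is unknown.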
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -47,6 +47,13 @@ extern void cpu_remove_dev_attr(struct d
extern int cpu_add_dev_attr_group(struct attribute_group *attrs);
extern void cpu_remove_dev_attr_group(struct attribute_group *attrs);
+extern ssize_t cpu_show_meltdown(struct device *dev,
+ struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_spectre_v1(struct device *dev,
+ struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_spectre_v2(struct device *dev,
+ struct device_attribute *attr, char *buf);
+
extern __printf(4, 5)
struct device *cpu_device_create(struct device *parent, void *drvdata,
const struct attribute_group **groups,
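Review bot: The extern declarations for cpu_show_meltdown(), cpu_show_spectre_v1() and cpu_show_spectre_v2() carry no comment describing the contract for an architecture override. A short comment above them saying that the defaults are __weak in drivers/base/cpu.c, that buf is the sysfs page buffer and that the return value is the number of bytes written would help anyone adding a second architecture. The status strings userspace will match on ("Not affected", "Vulnerable", "Mitigation: ...") should be listed there or in Documentation/ABI so that overrides stay consistent.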
* [patch 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions
From: Thomas Gleixner @ 2018-01-07 20:57 UTC
To: LKML
Cc: Linus Torvalds, Greg Kroah-Hartman, Ingo Molnar, Peter Zijlstra,
Borislav Petkov, David Woodhouse, Hansen, Dave
[-- Attachment #1: x86-cpu--Implement-CPU-vulnerabilites-sysfs-functions.patch --]
[-- Type: text/plain, Size: 1855 bytes --]
Implement the CPU vulnerability show functions for meltdown, spectre_v1 and
spectre_v2.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/Kconfig | 1 +
arch/x86/kernel/cpu/bugs.c | 29 +++++++++++++++++++++++++++++
2 files changed, 30 insertions(+)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -89,6 +89,7 @@ config X86
select GENERIC_CLOCKEVENTS_MIN_ADJUST
select GENERIC_CMOS_UPDATE
select GENERIC_CPU_AUTOPROBE
+ select GENERIC_CPU_VULNERABILITIES
select GENERIC_EARLY_IOREMAP
select GENERIC_FIND_FIRST_BIT
select GENERIC_IOMAP
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -10,6 +10,7 @@
*/
#include <linux/init.h>
#include <linux/utsname.h>
+#include <linux/cpu.h>
#include <asm/bugs.h>
#include <asm/processor.h>
#include <asm/processor-flags.h>
@@ -60,3 +61,31 @@ void __init check_bugs(void)
set_memory_4k((unsigned long)__va(0), 1);
#endif
}
+
+#ifdef CONFIG_SYSFS
+ssize_t cpu_show_meltdown(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+ if (boot_cpu_has(X86_FEATURE_PTI))
+ return snprintf(buf, PAGE_SIZE - 2, "Mitigation: PTI\n");
+ return snprintf(buf, PAGE_SIZE - 2, "Vulnerable\n");
+}
+
+ssize_t cpu_show_spectre_v1(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+ return snprintf(buf, PAGE_SIZE - 2, "Vulnerable\n");
+}
+
+ssize_t cpu_show_spectre_v2(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
+ return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
+ return snprintf(buf, PAGE_SIZE - 2, "Vulnerable\n");
+}
+#endif
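Review bot: The overrides are guarded by #ifdef CONFIG_SYSFS, while the weak defaults and the registration in drivers/base/cpu.c are guarded by CONFIG_GENERIC_CPU_VULNERABILITIES; using the same symbol on both sides would keep them in step. Also, cpu_show_spectre_v1() and cpu_show_spectre_v2() can only return "Not affected" or "Vulnerable", with no mitigation branch like the X86_FEATURE_PTI test in cpu_show_meltdown(); a comment marking where mitigation reporting is expected to be added would make that explicit. X86_BUG_SPECTRE_V1 and X86_BUG_SPECTRE_V2 are not defined anywhere in this series, so the changelog should say that they come from the x86/pti base named in the cover letter.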
* Re: [patch 1/2] sysfs/cpu: Add vulnerability folder
From: Greg Kroah-Hartman @ 2018-01-07 21:19 UTC
To: Thomas Gleixner
Cc: LKML, Linus Torvalds, Ingo Molnar, Peter Zijlstra,
Borislav Petkov, David Woodhouse, Hansen, Dave
On Sun, Jan 07, 2018 at 09:57:50PM +0100, Thomas Gleixner wrote:
> As the meltdown/spectre problem affects several CPU architectures, it makes
> sense to have a common way to express whether a system is affected by a
> particular vulnerability or not. If affected the way to express the
> mitigation should be common as well.
>
> Create /sys/devices/system/cpu/vulnerabilities folder and files for
> meltdown, spectre_v1 and spectre_v2.
I like this, minor nits below:
>
> Allow architectures to override the show function.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> ---
> drivers/base/Kconfig | 3 +++
> drivers/base/cpu.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
> include/linux/cpu.h | 7 +++++++
> 3 files changed, 58 insertions(+)
A Documentation/ABI/ update is needed for the new sysfs files.
> +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
> +
> +ssize_t __weak cpu_show_meltdown(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
sysfs is one-value-per-file, so you never need to care about the page
size, a simple sprintf() is fine. No need to change if you don't want
to, your call.
> +}
> +
> +ssize_t __weak cpu_show_spectre_v1(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
> +}
> +
> +ssize_t __weak cpu_show_spectre_v2(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
> +}
> +
> +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
> +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
> +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
DEVICE_ATTR_RO() please.
Yeah, that does make the global symbols a bit different, meltdown_show()
and the like. Hm, I guess this is ok, given that it's meant to be
overridden.
Oh, nevermind. So, just a documentation update please, that can always
be an add-on patch if you promise to do it :)
thanks,
greg k-h
* Re: [patch 1/2] sysfs/cpu: Add vulnerability folder
From: Thomas Gleixner @ 2018-01-07 21:39 UTC
To: Greg Kroah-Hartman
Cc: LKML, Linus Torvalds, Ingo Molnar, Peter Zijlstra,
Borislav Petkov, David Woodhouse, Hansen, Dave
On Sun, 7 Jan 2018, Greg Kroah-Hartman wrote:
> > drivers/base/Kconfig | 3 +++
> > drivers/base/cpu.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
> > include/linux/cpu.h | 7 +++++++
> > 3 files changed, 58 insertions(+)
>
> A Documentation/ABI/ update is needed for the new sysfs files.
Sure.
> > +#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
> > +
> > +ssize_t __weak cpu_show_meltdown(struct device *dev,
> > + struct device_attribute *attr, char *buf)
> > +{
> > + return snprintf(buf, PAGE_SIZE - 2, "Not affected\n");
>
> sysfs is one-value-per-file, so you never need to care about the page
> size, a simple sprintf() is fine. No need to change if you don't want
> to, your call.
Done.
> > +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
>
> DEVICE_ATTR_RO() please.
>
> Yeah, that does make the global symbols a bit different, meltdown_show()
> and the like. Hm, I guess this is ok, given that it's meant to be
> overridden.
That and I expect that in the not so distant future we'll see write
functions as well.
> Oh, nevermind. So, just a documentation update please, that can always
> be an add-on patch if you promise to do it :)
You should never make such offers. These promises land on that growth only
thingy, aka. todo list :)
Thanks,
tglx