linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Alexey Dobriyan <adobriyan@gmail.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Konrad Rzeszutek Wilk <konrad@kernel.org>, linux-kernel@vger.kernel.org
Subject: Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
Date: Mon, 8 Jan 2018 12:30:41 +0200	[thread overview]
Message-ID: <CACVxJT9SATrGjDkKAw_gs0NgNXFQzLf=V3eNrpoZHRCv6JCK5A@mail.gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.20.1801081036100.1735@nanos>

On 1/8/18, Thomas Gleixner <tglx@linutronix.de> wrote:
> On Mon, 8 Jan 2018, Alexey Dobriyan wrote:
>> On Sun, Jan 07, 2018 at 10:50:58PM -0500, Konrad Rzeszutek Wilk wrote:
>> > On Mon, Jan 08, 2018 at 01:22:04AM +0300, Alexey Dobriyan wrote:
>> > > Thomas Gleixner wrote:
>> > > > Create /sys/devices/system/cpu/vulnerabilities folder and files for
>> > > > meltdown, spectre_v1 and spectre_v2.
>> > >
>> > > It is called "grep -e '^bugs' /proc/cpuinfo".
>> > >
>> > > kpti is deduceable from .config and /proc/cmdline .
>> > > If people don't know what .config they are running, god bless them.
>> >
>> > It is not just for meltdown (kpti). You also have retpoline and IBRS
>> > which is for spectre.
>>
>> If you, as kernel developer, are sure that bug is properly mitigated
>> to the best of your knowledge then clear the bit from the bug mask.
>
> Nope. The CPU is still buggy and does not become less so because we set a
> mitigation into effect.

There no reason why these files should exist, both technical and non-technical.

1) /proc/cpuinfo bugs section is time honored, this is where F00F and
FDIV lived.

2) marketing monikers are used, they are for hype, leave them to journalists.
I read both papers and bugs are cool but I have no clue which name is
which bug (and which variant!) because they are very meaningless
by themselves.

3) You're placing kernel on the hook for explaining users who is vulnerable.
But kernel is not vulnerable! CPU vendors should put a page and
distros refer to those pages. Then it is business as usual: write an advisory,
give instructions how to enable KPTI, give instructions how to get
new microcode and verify by checking for new flags in /proc/cpuinfo,
give instructions for using new compiler flags.

4) defaults
default is "Not affected" which is easily incorrect as nobody knows
what CPU manufacturers are doing.

Might as well say "Contact your CPU vendor for more information".
At this point file becomes meaningless.

5) it is not clear what the fuss is all about
There is no file which lists every mitigation (LIST_POISON, refcounting,
SLAB randomization, ASLR/KASLR etc), there is no reason to start now.


This is becoming WSJ-driven development (in wide sense of the word).

  reply	other threads:[~2018-01-08 10:30 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-07 22:22 [patch V2 1/2] sysfs/cpu: Add vulnerability folder Alexey Dobriyan
2018-01-08  3:50 ` Konrad Rzeszutek Wilk
2018-01-08  5:35   ` Alexey Dobriyan
2018-01-08  9:36     ` Thomas Gleixner
2018-01-08 10:30       ` Alexey Dobriyan [this message]
2018-01-08 11:54     ` Alan Cox
2018-01-08 18:04       ` Alexey Dobriyan
  -- strict thread matches above, loose matches on Subject: below --
2018-01-07 21:47 [patch V2 0/2] sysfs/cpu: Implement generic vulnerabilites directory Thomas Gleixner
2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner
2018-01-07 22:14   ` Konrad Rzeszutek Wilk
2018-01-08  6:53   ` Greg Kroah-Hartman
2018-01-08  7:29   ` Dominik Brodowski
2018-01-08  7:33     ` Thomas Gleixner
2018-01-26 16:23   ` Andrea Arcangeli
2018-01-26 16:35     ` Greg Kroah-Hartman
2018-01-29  5:30   ` Jon Masters

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACVxJT9SATrGjDkKAw_gs0NgNXFQzLf=V3eNrpoZHRCv6JCK5A@mail.gmail.com' \
    --to=adobriyan@gmail.com \
    --cc=konrad@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).