From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linuxfoundation.org>,
Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Dave Hansen <dave.hansen@intel.com>,
Will Deacon <will.deacon@arm.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Waiman Long <longman@redhat.com>
Subject: Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
Date: Fri, 26 Jan 2018 17:35:04 +0100 [thread overview]
Message-ID: <20180126163504.GA19313@kroah.com> (raw)
In-Reply-To: <20180126162331.GB5230@redhat.com>
On Fri, Jan 26, 2018 at 05:23:31PM +0100, Andrea Arcangeli wrote:
> Hello,
>
> On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote:
> > +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
> > +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
> > +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
>
> This sysfs feature implemented as above is weakening kernel security,
> it should be 0400 above.
See the patch from Jason A. Donenfeld <Jason@zx2c4.com> to do just that:
Subject: [PATCH] cpu: do not leak vulnerabilities to unprivileged users
Message-Id: <20180125120401.30596-1-Jason@zx2c4.com>
I'll be queueing it up for 4.16-rc1 and backport it everywhere.
thanks,
greg k-h
next prev parent reply other threads:[~2018-01-26 16:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 21:47 [patch V2 0/2] sysfs/cpu: Implement generic vulnerabilites directory Thomas Gleixner
2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner
2018-01-07 22:14 ` Konrad Rzeszutek Wilk
2018-01-08 6:53 ` Greg Kroah-Hartman
2018-01-08 7:29 ` Dominik Brodowski
2018-01-08 7:33 ` Thomas Gleixner
2018-01-08 10:16 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-01-26 16:23 ` [patch V2 1/2] " Andrea Arcangeli
2018-01-26 16:35 ` Greg Kroah-Hartman [this message]
2018-01-29 5:30 ` Jon Masters
2018-01-07 21:48 ` [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions Thomas Gleixner
2018-01-07 22:14 ` Konrad Rzeszutek Wilk
2018-01-08 6:54 ` Greg Kroah-Hartman
2018-01-08 10:17 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
-- strict thread matches above, loose matches on Subject: below --
2018-01-07 22:22 [patch V2 1/2] sysfs/cpu: Add vulnerability folder Alexey Dobriyan
2018-01-08 3:50 ` Konrad Rzeszutek Wilk
2018-01-08 5:35 ` Alexey Dobriyan
2018-01-08 9:36 ` Thomas Gleixner
2018-01-08 10:30 ` Alexey Dobriyan
2018-01-08 11:54 ` Alan Cox
2018-01-08 18:04 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180126163504.GA19313@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=aarcange@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linuxfoundation.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.