* [MODERATED] Re: [patch 1/8] [PATCH v1.3.1 1/7] Linux Patch 1
From: Borislav Petkov @ 2018-04-18 15:14 UTC
To: speck
Lemme paste my comments from last time, now that the whole encrypted
mail thing and glue around it works. :)
On Thu, Apr 12, 2018 at 10:26:50PM -0400, speck for konrad.wilk_at_oracle.com wrote:
> x86/mdd: Expose the /sys/../md and BUG_MD
>
> It does not do much except show the words 'Vulnerable'.
>
> It assumes that Cyrix, Old Intel CPUs are immune to this.
>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
> v3: Remove AMD
> s/md/mdd/
> ---
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/kernel/cpu/bugs.c | 8 ++++++++
> arch/x86/kernel/cpu/common.c | 17 +++++++++++++++++
> drivers/base/cpu.c | 8 ++++++++
> include/linux/cpu.h | 2 ++
> 5 files changed, 36 insertions(+)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index d554c11e01ff..4393c10fcc6f 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -362,5 +362,6 @@
> #define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */
> #define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */
> #define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */
> +#define X86_BUG_CPU_MD X86_BUG(17) /* CPU is affected by memory disambiguation. */
>
> #endif /* _ASM_X86_CPUFEATURES_H */
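Review bot: the new bit at X86_BUG(17) is still named X86_BUG_CPU_MD although the v3 changelog says "s/md/mdd/" and the subject line uses "x86/mdd"; pick one spelling and use it consistently for the bug bit, the sysfs name and the helper functions. The comment "CPU is affected by memory disambiguation." also names a CPU behaviour rather than an attack, unlike the three entries above it, and is the only one ending in a full stop; reword it in the style of its neighbours.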
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index bfca937bdcc3..79dfc80c4b9c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -340,4 +340,12 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
> boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
> spectre_v2_module_string());
> }
> +
> +ssize_t cpu_show_md(struct device *dev, struct device_attribute *attr, char *buf)
> +{
> + if (!boot_cpu_has_bug(X86_BUG_CPU_MD))
> + return sprintf(buf, "Not affected\n");
> +
> + return sprintf(buf, "Vulnerable\n");
> +}
I guess those can be unified into a single function at some point -
otherwise we'll have one set per CPU bug and that could become unwieldy
at some point.
> #endif
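Review bot: cpu_show_md() introduces a new user-visible sysfs attribute, but the diffstat lists five files and none of them is under Documentation/. Please document the new file and the two strings it can return ("Not affected" and "Vulnerable") next to the existing entries for the meltdown and spectre files, so userspace tooling that parses these attributes knows what to expect.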
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 348cf4821240..4cd1c95e21b2 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -935,6 +935,21 @@ static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c)
> return true;
> }
>
> +static const __initconst struct x86_cpu_id cpu_no_md[] = {
> + { X86_VENDOR_CENTAUR, 5 },
> + { X86_VENDOR_INTEL, 5 },
> + { X86_VENDOR_NSC, 5 },
> + { X86_VENDOR_ANY, 4 },
> + {}
> +};
> +
> +static bool __init cpu_vulnerable_to_md(struct cpuinfo_x86 *c)
> +{
> + if (x86_match_cpu(cpu_no_md))
> + return false;
> +
> + return true;
> +}
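Review bot: the cpu_no_md[] table does not match the changelog, which says Cyrix and old Intel CPUs are assumed immune: the entries are X86_VENDOR_CENTAUR, X86_VENDOR_INTEL and X86_VENDOR_NSC at family 5 plus X86_VENDOR_ANY at family 4, with no X86_VENDOR_CYRIX line. Either add the Cyrix entry or correct the commit message to list the vendors actually whitelisted. Separately, cpu_vulnerable_to_md() never uses its argument c, since x86_match_cpu(cpu_no_md) takes only the table; the body can shrink to "return !x86_match_cpu(cpu_no_md);" and the parameter can go unless it is kept deliberately to mirror cpu_vulnerable_to_meltdown().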
This too could be merged with cpu_vulnerable_to_meltdown() and made
into a common cpu_set_bug_bits() or so which goes through all those
x86_x86_id matching structures.
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)