From: Ingo Molnar <mingo@kernel.org>
To: Dan Williams <dan.j.williams@intel.com>
Cc: tglx@linutronix.de, linux-arch@vger.kernel.org,
kernel-hardening@lists.openwall.com, gregkh@linuxfoundation.org,
x86@kernel.org, torvalds@linux-foundation.org,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Jiri Slaby <jslaby@suse.cz>,
alan@linux.intel.com
Subject: Re: [PATCH v5 12/12] x86/spectre: report get_user mitigation for spectre_v1
Date: Sun, 28 Jan 2018 10:50:28 +0100 [thread overview]
Message-ID: <20180128095027.hqrcpnholsvukdzd@gmail.com> (raw)
In-Reply-To: <151703977742.26578.8362387033092864423.stgit@dwillia2-desk3.amr.corp.intel.com>
* Dan Williams <dan.j.williams@intel.com> wrote:
> Reflect the presence of 'get_user', '__get_user', and 'syscall'
> protections in sysfs. Keep the "Vulnerable" distinction given the
> expectation that the places that have been identified for 'array_idx'
> usage are likely incomplete.
(The style problems/inconsistencies of the previous patches are repeated here too,
please fix.)
>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: x86@kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Reported-by: Jiri Slaby <jslaby@suse.cz>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
> arch/x86/kernel/cpu/bugs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 390b3dc3d438..01d5ba48f745 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -269,7 +269,7 @@ ssize_t cpu_show_spectre_v1(struct device *dev,
> {
> if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
> return sprintf(buf, "Not affected\n");
> - return sprintf(buf, "Vulnerable\n");
> + return sprintf(buf, "Vulnerable: Minimal user pointer sanitization\n");
Btw., I think this string is still somewhat passive-aggressive towards users, as
it doesn't really give them any idea about what is missing from their system so
that they can turn it into not vulnerable.
What else is missing that would turn this into a "Mitigated" entry?
Thanks,
Ingo
next prev parent reply other threads:[~2018-01-28 9:50 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-27 7:55 [PATCH v5 00/12] spectre variant1 mitigations for tip/x86/pti Dan Williams
2018-01-27 7:55 ` Dan Williams
2018-01-27 7:55 ` [PATCH v5 01/12] Documentation: document array_idx Dan Williams
2018-01-27 7:55 ` [PATCH v5 02/12] array_idx: sanitize speculative array de-references Dan Williams
2018-01-27 7:55 ` Dan Williams
2018-01-28 8:55 ` Ingo Molnar
2018-01-28 11:36 ` Thomas Gleixner
2018-01-28 11:36 ` Thomas Gleixner
2018-01-28 16:28 ` Dan Williams
2018-01-28 18:33 ` Ingo Molnar
2018-01-29 16:45 ` Dan Williams
2018-01-29 16:45 ` Dan Williams
2018-01-28 18:36 ` Thomas Gleixner
2018-01-28 18:36 ` Thomas Gleixner
2018-01-30 6:29 ` Dan Williams
2018-01-30 6:29 ` Dan Williams
2018-01-30 19:38 ` Linus Torvalds
2018-01-30 20:13 ` Dan Williams
2018-01-30 20:27 ` Van De Ven, Arjan
2018-01-31 8:03 ` Ingo Molnar
2018-01-31 14:13 ` Van De Ven, Arjan
2018-01-31 14:21 ` Greg KH
2018-01-27 7:55 ` [PATCH v5 03/12] x86: implement array_idx_mask Dan Williams
2018-01-28 9:02 ` Ingo Molnar
2018-01-27 7:55 ` [PATCH v5 04/12] x86: introduce __uaccess_begin_nospec and ifence Dan Williams
2018-01-28 9:06 ` Ingo Molnar
2018-01-28 9:14 ` Ingo Molnar
2018-01-29 20:41 ` Dan Williams
2018-01-29 20:41 ` Dan Williams
2018-01-30 6:56 ` Ingo Molnar
2018-01-27 7:55 ` [PATCH v5 05/12] x86, __get_user: use __uaccess_begin_nospec Dan Williams
2018-01-28 9:19 ` Ingo Molnar
2018-01-28 9:19 ` Ingo Molnar
2018-01-27 7:55 ` [PATCH v5 06/12] x86, get_user: use pointer masking to limit speculation Dan Williams
2018-01-27 7:55 ` Dan Williams
2018-01-28 9:25 ` Ingo Molnar
2018-01-28 9:25 ` Ingo Molnar
2018-01-27 7:55 ` [PATCH v5 07/12] x86: remove the syscall_64 fast-path Dan Williams
2018-01-28 9:29 ` Ingo Molnar
2018-01-28 9:29 ` Ingo Molnar
2018-01-28 15:22 ` Andy Lutomirski
2018-01-28 15:22 ` Andy Lutomirski
2018-01-27 7:55 ` [PATCH v5 08/12] x86: sanitize sycall table de-references under speculation Dan Williams
2018-01-28 9:36 ` Ingo Molnar
2018-01-27 7:56 ` [PATCH v5 09/12] vfs, fdtable: prevent bounds-check bypass via speculative execution Dan Williams
2018-01-27 7:56 ` [PATCH v5 10/12] kvm, x86: update spectre-v1 mitigation Dan Williams
[not found] ` <151703971300.26578.1185595719337719486.stgit-p8uTFz9XbKj2zm6wflaqv1nYeNYlB/vhral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2018-01-27 7:56 ` [PATCH v5 11/12] nl80211: sanitize array index in parse_txq_params Dan Williams
2018-01-27 7:56 ` Dan Williams
2018-01-27 7:56 ` [PATCH v5 12/12] x86/spectre: report get_user mitigation for spectre_v1 Dan Williams
2018-01-28 9:50 ` Ingo Molnar [this message]
2018-01-29 22:05 ` Dan Williams
2018-01-31 8:07 ` Ingo Molnar
2018-02-01 20:23 ` Dan Williams
2018-02-01 20:23 ` Dan Williams
2018-01-27 18:52 ` [PATCH v5 00/12] spectre variant1 mitigations for tip/x86/pti Linus Torvalds
2018-01-27 18:52 ` Linus Torvalds
2018-01-27 19:26 ` Dan Williams
2018-01-27 19:26 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180128095027.hqrcpnholsvukdzd@gmail.com \
--to=mingo@kernel.org \
--cc=alan@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jslaby@suse.cz \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).