From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Andrea Arcangeli <aarcange@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linuxfoundation.org>,
Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Borislav Petkov <bp@alien8.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Dave Hansen <dave.hansen@intel.com>,
Will Deacon <will.deacon@arm.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Waiman Long <longman@redhat.com>
Subject: Re: [patch V2 1/2] sysfs/cpu: Add vulnerability folder
Date: Fri, 26 Jan 2018 17:35:04 +0100 [thread overview]
Message-ID: <20180126163504.GA19313@kroah.com> (raw)
In-Reply-To: <20180126162331.GB5230@redhat.com>
On Fri, Jan 26, 2018 at 05:23:31PM +0100, Andrea Arcangeli wrote:
> Hello,
>
> On Sun, Jan 07, 2018 at 10:48:00PM +0100, Thomas Gleixner wrote:
> > +static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
> > +static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
> > +static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
>
> This sysfs feature implemented as above is weakening kernel security,
> it should be 0400 above.
See the patch from Jason A. Donenfeld <Jason@zx2c4.com> to do just that:
Subject: [PATCH] cpu: do not leak vulnerabilities to unprivileged users
Message-Id: <20180125120401.30596-1-Jason@zx2c4.com>
I'll be queueing it up for 4.16-rc1 and backport it everywhere.
thanks,
greg k-h
next prev parent reply other threads:[~2018-01-26 16:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 21:47 [patch V2 0/2] sysfs/cpu: Implement generic vulnerabilites directory Thomas Gleixner
2018-01-07 21:48 ` [patch V2 1/2] sysfs/cpu: Add vulnerability folder Thomas Gleixner
2018-01-07 22:14 ` Konrad Rzeszutek Wilk
2018-01-08 6:53 ` Greg Kroah-Hartman
2018-01-08 7:29 ` Dominik Brodowski
2018-01-08 7:33 ` Thomas Gleixner
2018-01-08 10:16 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
2018-01-26 16:23 ` [patch V2 1/2] " Andrea Arcangeli
2018-01-26 16:35 ` Greg Kroah-Hartman [this message]
2018-01-29 5:30 ` Jon Masters
2018-01-07 21:48 ` [patch V2 2/2] x86/cpu: Implement CPU vulnerabilites sysfs functions Thomas Gleixner
2018-01-07 22:14 ` Konrad Rzeszutek Wilk
2018-01-08 6:54 ` Greg Kroah-Hartman
2018-01-08 10:17 ` [tip:x86/pti] " tip-bot for Thomas Gleixner
-- strict thread matches above, loose matches on Subject: below --
2018-01-07 22:22 [patch V2 1/2] sysfs/cpu: Add vulnerability folder Alexey Dobriyan
2018-01-08 3:50 ` Konrad Rzeszutek Wilk
2018-01-08 5:35 ` Alexey Dobriyan
2018-01-08 9:36 ` Thomas Gleixner
2018-01-08 10:30 ` Alexey Dobriyan
2018-01-08 11:54 ` Alan Cox
2018-01-08 18:04 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180126163504.GA19313@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=aarcange@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linuxfoundation.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox