Re: [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state

From: Dave Martin
Date: Thu Jan 03 2019 - 11:37:49 EST


On Wed, Jan 02, 2019 at 06:49:15PM -0600, Jeremy Linton wrote:
> There is a lot of variation in the Arm ecosystem. Because of this,
> there exist possible cases where the kernel cannot authoritatively
> determine if a machine is vulnerable.
>
> Rather than guess the vulnerability status in cases where
> the mitigation is disabled or the firmware isn't responding
> correctly, we need to display an "Unknown" state.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@xxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: David Woodhouse <dwmw@xxxxxxxxxxxx>
> ---
> Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
> index 9605dbd4b5b5..876103fddfa4 100644
> --- a/Documentation/ABI/testing/sysfs-devices-system-cpu
> +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
> @@ -495,6 +495,7 @@ Description: Information about CPU vulnerabilities
> "Not affected" CPU is not affected by the vulnerability
> "Vulnerable" CPU is affected and no mitigation in effect
> "Mitigation: $M" CPU is affected and mitigation $M is in effect
> + "Unknown" The kernel is unable to make a determination
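Review bot: the new "Unknown" row in the hunk documents the state but not when the kernel will report it, which is exactly what a userspace consumer needs from an ABI document. The commit message names the triggering conditions (the mitigation is disabled, or the firmware does not respond correctly); the description should carry at least that much, e.g. "Unknown" followed by "The kernel cannot determine the status (for example, mitigation disabled or firmware not responding)", and should say how consumers are expected to treat the value, since a reader of the other three rows would otherwise be left guessing whether "Unknown" is closer to "Vulnerable" or to the entry being absent.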

Do some of the "Unknown" cases arise from the vulnerability detection
code being compiled out of the kernel?

I wonder whether at least the detection support should be mandatory.
sysfs is not very useful as a standard vulnerability reporting interface
unless we make best efforts to always populate it with real information.


Also, does "Unknown" convey anything beyond what is indicated by the
sysfs entry being omitted altogether?

Cheers
---Dave