Message-ID: <tip-6cb2b08ff92460290979de4be91363e5d1b6cec1@git.kernel.org>
Date:   Thu, 21 Jun 2018 05:24:47 -0700
From:   tip-bot for Jiri Kosina <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     mlatimer@...e.com, linux-kernel@...r.kernel.org, hpa@...or.com,
        mingo@...nel.org, jgross@...e.com, tglx@...utronix.de,
        jkosina@...e.cz, bp@...e.de
Subject: [tip:x86/pti] x86/pti: Don't report XenPV as vulnerable

Commit-ID:  6cb2b08ff92460290979de4be91363e5d1b6cec1
Gitweb:     https://git.kernel.org/tip/6cb2b08ff92460290979de4be91363e5d1b6cec1
Author:     Jiri Kosina <jkosina@...e.cz>
AuthorDate: Mon, 18 Jun 2018 09:59:54 +0200
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Thu, 21 Jun 2018 14:14:52 +0200

x86/pti: Don't report XenPV as vulnerable

Xen PV domain kernel is not by design affected by meltdown as it's
enforcing split CR3 itself. Let's not report such systems as "Vulnerable"
in sysfs (we're also already forcing PTI to off in X86_HYPER_XEN_PV cases);
the security of the system ultimately depends on presence of mitigation in
the Hypervisor, which can't be easily detected from DomU; let's report
that.

Reported-and-tested-by: Mike Latimer <mlatimer@...e.com>
Signed-off-by: Jiri Kosina <jkosina@...e.cz>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Acked-by: Juergen Gross <jgross@...e.com>
Cc: Borislav Petkov <bp@...e.de>
Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1806180959080.6203@cbobk.fhfr.pm
[ Merge the user-visible string into a single line. ]
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/kernel/cpu/bugs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cd0fda1fff6d..404df26b7de8 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -27,6 +27,7 @@
 #include <asm/pgtable.h>
 #include <asm/set_memory.h>
 #include <asm/intel-family.h>
+#include <asm/hypervisor.h>
 
 static void __init spectre_v2_select_mitigation(void);
 static void __init ssb_select_mitigation(void);
@@ -664,6 +665,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
 		if (boot_cpu_has(X86_FEATURE_PTI))
 			return sprintf(buf, "Mitigation: PTI\n");
 
+		if (hypervisor_is_type(X86_HYPER_XEN_PV))
+			return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n");
+
 		break;
 
 	case X86_BUG_SPECTRE_V1:
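
Review bot: The string returned by the added hypervisor_is_type(X86_HYPER_XEN_PV) branch introduces a new "Unknown (...)" state next to the "Mitigation: PTI" return just above it and the "Vulnerable" report the commit message mentions, yet the diffstat shows only bugs.c changing, so the new value is not documented anywhere in this patch. Please document the new state alongside the existing ones so that tooling which parses this sysfs output knows to expect it. Also consider a one-line comment above the check saying that Xen PV guests rely on the hypervisor enforcing split CR3 and that PTI is forced off for them, since that is what makes placing the check after the X86_FEATURE_PTI test correct. Minor: the user-visible string spells it "XEN PV" while the commit text uses "Xen PV".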
