[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190103163740.GC3529@e103592.cambridge.arm.com>
Date: Thu, 3 Jan 2019 16:37:40 +0000
From: Dave Martin <Dave.Martin@....com>
To: Jeremy Linton <jeremy.linton@....com>
Cc: linux-arm-kernel@...ts.infradead.org, mark.rutland@....com,
mlangsdo@...hat.com,
"Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
suzuki.poulose@....com, marc.zyngier@....com,
catalin.marinas@....com, Dave Hansen <dave.hansen@...el.com>,
julien.thierry@....com, will.deacon@....com,
linux-kernel@...r.kernel.org, steven.price@....com,
Peter Zijlstra <peterz@...radead.org>,
Borislav Petkov <bp@...en8.de>,
David Woodhouse <dwmw@...zon.co.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
ykaukab@...e.de, Thomas Gleixner <tglx@...utronix.de>,
shankerd@...eaurora.org
Subject: Re: [PATCH v2 1/7] sysfs/cpu: Add "Unknown" vulnerability state
On Wed, Jan 02, 2019 at 06:49:15PM -0600, Jeremy Linton wrote:
> There is a lot of variation in the Arm ecosystem. Because of this,
> there exist possible cases where the kernel cannot authoritatively
> determine if a machine is vulnerable.
>
> Rather than guess the vulnerability status in cases where
> the mitigation is disabled or the firmware isn't responding
> correctly, we need to display an "Unknown" state.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@....com>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Cc: Dave Hansen <dave.hansen@...el.com>
> Cc: Borislav Petkov <bp@...en8.de>
> Cc: David Woodhouse <dwmw@...zon.co.uk>
> ---
> Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
> index 9605dbd4b5b5..876103fddfa4 100644
> --- a/Documentation/ABI/testing/sysfs-devices-system-cpu
> +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
> @@ -495,6 +495,7 @@ Description: Information about CPU vulnerabilities
> "Not affected" CPU is not affected by the vulnerability
> "Vulnerable" CPU is affected and no mitigation in effect
> "Mitigation: $M" CPU is affected and mitigation $M is in effect
> + "Unknown" The kernel is unable to make a determination
Do some of the "Unknown" cases arise from the vulnerability detection
code being compiled out of the kernel?
I wonder whether at least the detection support should be mandatory.
sysfs is not very useful as a standard vulnerability reporting interface
unless we make best efforts to always populate it with real information.
Also, does "Unknown" convey anything beyond what is indicated by the
sysfs entry being omitted altogether?
Cheers
---Dave
Powered by blists - more mailing lists