lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190415212129.1112-1-jeremy.linton@arm.com>
Date:   Mon, 15 Apr 2019 16:21:19 -0500
From:   Jeremy Linton <jeremy.linton@....com>
To:     linux-arm-kernel@...ts.infradead.org
Cc:     catalin.marinas@....com, will.deacon@....com, marc.zyngier@....com,
        suzuki.poulose@....com, Dave.Martin@....com,
        shankerd@...eaurora.org, julien.thierry@....com,
        mlangsdo@...hat.com, stefan.wahren@...e.com,
        Andre.Przywara@....com, linux-kernel@...r.kernel.org,
        Jeremy Linton <jeremy.linton@....com>
Subject: [v8 00/10] arm64: add system vulnerability sysfs entries

Arm64 machines should be displaying a human readable
vulnerability status to speculative execution attacks in
/sys/devices/system/cpu/vulnerabilities 

This series enables that behavior by providing the expected
functions. Those functions expose the cpu errata and feature
states, as well as whether firmware is responding appropriately
to display the overall machine status. This means that in a
heterogeneous machine we will only claim the machine is mitigated
or safe if we are confident all booted cores are safe or
mitigated.

v7->v8: Fix latent build break when KVM_INDIRECT_VECTORS is not set.
	Revert v7 ssbd tristate back to default safe bool. Since
	       __ssb_safe should be reliable now, make overall print
	       more dependent on it.
	Tweak ssbd message to indicate prctl support.

v6->v7: Invert ssb white/black list logic so that we only mark
	       cores in the whitelist not affected when the firmware
	       fails to respond. Removed reviewed/tested tags for
	       just patch 9 because of this.

v5->v6:
	Invert meltdown logic to display that a core is safe rather
	       than mitigated if the mitigation has been enabled on
	       machines that are safe. This can happen when the
	       mitigation was forced on via command line or KASLR.
	       This means that in order to detect if kpti is enabled
	       other methods must be used (look at dmesg) when the
	       machine isn't itself susceptible to meltdown.
	Trivial whitespace tweaks.

Jeremy Linton (6):
  arm64: Provide a command line to disable spectre_v2 mitigation
  arm64: add sysfs vulnerability show for meltdown
  arm64: Always enable spectrev2 vulnerability detection
  arm64: add sysfs vulnerability show for spectre v2
  arm64: Always enable ssb vulnerability detection
  arm64: add sysfs vulnerability show for speculative store bypass

Marc Zyngier (2):
  arm64: Advertise mitigation of Spectre-v2, or lack thereof
  arm64: Use firmware to detect CPUs that are not affected by Spectre-v2

Mian Yousaf Kaukab (2):
  arm64: add sysfs vulnerability show for spectre v1
  arm64: enable generic CPU vulnerabilites support

 .../admin-guide/kernel-parameters.txt         |   8 +-
 arch/arm64/Kconfig                            |   1 +
 arch/arm64/include/asm/cpufeature.h           |   4 -
 arch/arm64/kernel/cpu_errata.c                | 249 +++++++++++++-----
 arch/arm64/kernel/cpufeature.c                |  58 +++-
 5 files changed, 232 insertions(+), 88 deletions(-)

-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ