[opensuse-factory] Kernel 4.15.2 and Spectre v1
Hi there Given today's kernel stable repo update to 4.15.2, "grep . /sys/devices/system/cpu/vulnerabilities/* gives /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline What does "_user pointer sanitization" mean? Thank you. Regards, Frank -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 02/09/2018 01:23 PM, Frank Krüger wrote:
Hi there
Given today's kernel stable repo update to 4.15.2,
"grep . /sys/devices/system/cpu/vulnerabilities/*
gives
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
What does "_user pointer sanitization" mean?
The current mitigation for V1 of Spectre is complete only for references that
the kernel makes into user space. The commit message for the patch that changed
that message is as follows:
x86/spectre: Report get_user mitigation for spectre_v1
commit edfbae53dab8348fca778531be9f4855d2ca0360
Reflect the presence of get_user(), __get_user(), and 'syscall' protections
in sysfs. The expectation is that new and better tooling will allow the
kernel to grow more usages of array_index_nospec(), for now, only claim
mitigation for __user pointer de-references.
Reported-by: Jiri Slaby
Am 09.02.2018 um 20:42 schrieb Larry Finger:
On 02/09/2018 01:23 PM, Frank Krüger wrote:
Hi there
Given today's kernel stable repo update to 4.15.2,
"grep . /sys/devices/system/cpu/vulnerabilities/*
gives
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
What does "_user pointer sanitization" mean?
The current mitigation for V1 of Spectre is complete only for references that the kernel makes into user space. The commit message for the patch that changed that message is as follows:
x86/spectre: Report get_user mitigation for spectre_v1 commit edfbae53dab8348fca778531be9f4855d2ca0360
Reflect the presence of get_user(), __get_user(), and 'syscall' protections in sysfs. The expectation is that new and better tooling will allow the kernel to grow more usages of array_index_nospec(), for now, only claim mitigation for __user pointer de-references.
Reported-by: Jiri Slaby
Signed-off-by: Dan Williams Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman Larry I see. Thx.
Regards, Frank -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Feb 9, 2018 at 4:23 PM, Frank Krüger
Hi there
Given today's kernel stable repo update to 4.15.2,
"grep . /sys/devices/system/cpu/vulnerabilities/*
gives
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
What does "_user pointer sanitization" mean?
https://lkml.org/lkml/2018/1/20/152 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Cristian Rodríguez
-
Frank Krüger
-
Larry Finger