Initial submission of Zenbleed fix omitted reporting the bug in sysfs.
There's no reason why it shouldn't be reported so let's add it among
the other vulnerabilities.
Signed-off-by: Nikolay Borisov <[email protected]>
---
.../ABI/testing/sysfs-devices-system-cpu | 1 +
arch/x86/kernel/cpu/amd.c | 15 +++++++++++++++
drivers/base/cpu.c | 8 ++++++++
include/linux/cpu.h | 2 ++
4 files changed, 26 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
index ecd585ca2d50..30bb4196e451 100644
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
@@ -524,6 +524,7 @@ What: /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
/sys/devices/system/cpu/vulnerabilities/retbleed
+ /sys/devices/system/cpu/vulnerabilities/zenbleed
Date: January 2018
Contact: Linux kernel mailing list <[email protected]>
Description: Information about CPU vulnerabilities
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 26ad7ca423e7..3ab9745eafc5 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1279,6 +1279,21 @@ u32 amd_get_highest_perf(void)
}
EXPORT_SYMBOL_GPL(amd_get_highest_perf);
+ssize_t cpu_show_zenbleed(struct device *dev, struct device_attribute *attr, char *buf)
+{
+
+ if (!cpu_has_amd_erratum(&boot_cpu_data, amd_zenbleed) ||
+ !boot_cpu_has(X86_FEATURE_AVX) ||
+ boot_cpu_has(X86_FEATURE_HYPERVISOR))
+ return sysfs_emit(buf, "Not affected\n");
+
+ if (!cpu_has_zenbleed_microcode()) {
+ return sysfs_emit(buf, "Mitigation: Chickenbit\n");
+ } else {
+ return sysfs_emit(buf, "Mitigation: Microcode\n");
+ }
+}
+
static void zenbleed_check_cpu(void *unused)
{
struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());
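Review bot: The first branch of `cpu_show_zenbleed()` returns "Not affected" whenever `X86_FEATURE_HYPERVISOR` is set, so a guest running on affected silicon is told it is safe when the kernel cannot actually tell. Whether the host loaded the fixed microcode or set the chicken bit is not visible from inside the guest. Scanners and fleet audits that read `/sys/devices/system/cpu/vulnerabilities/zenbleed` would then under-report exposure. I would split the hypervisor test out of the combined condition and report an unknown state, for example `if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) return sysfs_emit(buf, "Unknown: Dependent on hypervisor status\n");`, and list the possible values in the ABI document. The trailing context lines belong to `zenbleed_check_cpu()`, whose body continues outside the hunk.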
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
index c1815b9dae68..49c963a0f362 100644
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -577,6 +577,12 @@ ssize_t __weak cpu_show_retbleed(struct device *dev,
return sysfs_emit(buf, "Not affected\n");
}
+ssize_t __weak cpu_show_zenbleed(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "Not affected\n");
+}
+
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
@@ -588,6 +594,7 @@ static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
static DEVICE_ATTR(mmio_stale_data, 0444, cpu_show_mmio_stale_data, NULL);
static DEVICE_ATTR(retbleed, 0444, cpu_show_retbleed, NULL);
+static DEVICE_ATTR(zenbleed, 0444, cpu_show_zenbleed, NULL);
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_meltdown.attr,
@@ -601,6 +608,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
&dev_attr_srbds.attr,
&dev_attr_mmio_stale_data.attr,
&dev_attr_retbleed.attr,
+ &dev_attr_zenbleed.attr,
NULL
};
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 6e6e57ec69e8..8ed8fa142067 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -70,6 +70,8 @@ extern ssize_t cpu_show_mmio_stale_data(struct device *dev,
char *buf);
extern ssize_t cpu_show_retbleed(struct device *dev,
struct device_attribute *attr, char *buf);
+extern ssize_t cpu_show_zenbleed(struct device *dev,
+ struct device_attribute *attr, char *buf);
extern __printf(4, 5)
struct device *cpu_device_create(struct device *parent, void *drvdata,
--
2.34.1
On Thu, Jul 27, 2023 at 10:54:46AM +0300, Nikolay Borisov wrote:
> Initial submission of Zenbleed fix omitted reporting the bug in sysfs.
> There's no reason why it shouldn't be reported so let's add it among
> the other vulnerabilities.
>
> Signed-off-by: Nikolay Borisov <[email protected]>
> ---
> .../ABI/testing/sysfs-devices-system-cpu | 1 +
> arch/x86/kernel/cpu/amd.c | 15 +++++++++++++++
> drivers/base/cpu.c | 8 ++++++++
> include/linux/cpu.h | 2 ++
> 4 files changed, 26 insertions(+)
>
> diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
> index ecd585ca2d50..30bb4196e451 100644
> --- a/Documentation/ABI/testing/sysfs-devices-system-cpu
> +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
> @@ -524,6 +524,7 @@ What: /sys/devices/system/cpu/vulnerabilities
> /sys/devices/system/cpu/vulnerabilities/itlb_multihit
> /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
> /sys/devices/system/cpu/vulnerabilities/retbleed
> + /sys/devices/system/cpu/vulnerabilities/zenbleed
> Date: January 2018
> Contact: Linux kernel mailing list <[email protected]>
> Description: Information about CPU vulnerabilities
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 26ad7ca423e7..3ab9745eafc5 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -1279,6 +1279,21 @@ u32 amd_get_highest_perf(void)
> }
> EXPORT_SYMBOL_GPL(amd_get_highest_perf);
>
> +ssize_t cpu_show_zenbleed(struct device *dev, struct device_attribute *attr, char *buf)
> +{
> +
Extra newline.
> + if (!cpu_has_amd_erratum(&boot_cpu_data, amd_zenbleed) ||
> + !boot_cpu_has(X86_FEATURE_AVX) ||
> + boot_cpu_has(X86_FEATURE_HYPERVISOR))
> + return sysfs_emit(buf, "Not affected\n");
> +
> + if (!cpu_has_zenbleed_microcode()) {
For readability this can check for the microcode-present case, and drop the
NOT operator.
> + return sysfs_emit(buf, "Mitigation: Chickenbit\n");
Shouldn't this be checking if the chicken bit is set? And if it's not set
then report "Vulnerable".
But, looking at zenbleed_check() it appears that the chicken bit for
zenbleed will always be present, and it will always be set if microcode
is not present.
> + } else {
> + return sysfs_emit(buf, "Mitigation: Microcode\n");
> + }
> +}
On 29.07.23 г. 2:14 ч., Pawan Gupta wrote:
> On Thu, Jul 27, 2023 at 10:54:46AM +0300, Nikolay Borisov wrote:
>> Initial submission of Zenbleed fix omitted reporting the bug in sysfs.
>> There's no reason why it shouldn't be reported so let's add it among
>> the other vulnerabilities.
>>
>> Signed-off-by: Nikolay Borisov <[email protected]>
>> ---
>> .../ABI/testing/sysfs-devices-system-cpu | 1 +
>> arch/x86/kernel/cpu/amd.c | 15 +++++++++++++++
>> drivers/base/cpu.c | 8 ++++++++
>> include/linux/cpu.h | 2 ++
>> 4 files changed, 26 insertions(+)
>>
>> diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
>> index ecd585ca2d50..30bb4196e451 100644
>> --- a/Documentation/ABI/testing/sysfs-devices-system-cpu
>> +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
>> @@ -524,6 +524,7 @@ What: /sys/devices/system/cpu/vulnerabilities
>> /sys/devices/system/cpu/vulnerabilities/itlb_multihit
>> /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
>> /sys/devices/system/cpu/vulnerabilities/retbleed
>> + /sys/devices/system/cpu/vulnerabilities/zenbleed
>> Date: January 2018
>> Contact: Linux kernel mailing list <[email protected]>
>> Description: Information about CPU vulnerabilities
>> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
>> index 26ad7ca423e7..3ab9745eafc5 100644
>> --- a/arch/x86/kernel/cpu/amd.c
>> +++ b/arch/x86/kernel/cpu/amd.c
>> @@ -1279,6 +1279,21 @@ u32 amd_get_highest_perf(void)
>> }
>> EXPORT_SYMBOL_GPL(amd_get_highest_perf);
>>
>> +ssize_t cpu_show_zenbleed(struct device *dev, struct device_attribute *attr, char *buf)
>> +{
>> +
>
> Extra newline.
>
>> + if (!cpu_has_amd_erratum(&boot_cpu_data, amd_zenbleed) ||
>> + !boot_cpu_has(X86_FEATURE_AVX) ||
>> + boot_cpu_has(X86_FEATURE_HYPERVISOR))
>> + return sysfs_emit(buf, "Not affected\n");
>> +
>> + if (!cpu_has_zenbleed_microcode()) {
>
> For readability this can check of microcode present case, and drop the
> NOT operator.
>
>> + return sysfs_emit(buf, "Mitigation: Chickenbit\n");
>
> Shouldn't this be checking if the chicken bit is set? And if its not set
> then report "Vulnerable".
>
> But, looking at zenbleed_check() it appear that the chicken bit for
> zenbleed will always be present, and it will always be set if microcode
> is not present.
Yeah, but based on feedback I got from Boris it seems this is not going
to be merged so it doesn't matter.
>
>> + } else {
>> + return sysfs_emit(buf, "Mitigation: Microcode\n");
>> + }
>> +}