Received: by 10.223.176.46 with SMTP id f43csp2143205wra; Thu, 25 Jan 2018 05:40:50 -0800 (PST) X-Google-Smtp-Source: AH8x224fyeaf7HTTSvRXxn+JOJtnXeGNlEc2T070G10ZmRCG7XkyU0VF6SctqjUXVodPFJBCwHP2 X-Received: by 2002:a17:902:9306:: with SMTP id bc6-v6mr11252246plb.29.1516887650835; Thu, 25 Jan 2018 05:40:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516887650; cv=none; d=google.com; s=arc-20160816; b=DvHR63M4BRCt2GKzD892BnzsWxmgHC2uYwXRS+rkmrRLG+sD9w/6MKgjaTaSNrdg8m hYoaOQiKcogpPx71XtH/fRQuFVSJGoe4zk3fOWY5FR+T6FLF75THO4rcgAPc8+lSBdL3 2hO0u6CjYWcp9bfSKadTIhz4qQh6NzpFrqNvQlRE+AhufmAlP9fJuylxs2fBMVH1WfEv gBtG5eu7PnKRd7ATHci8yQOYrzM1Jj6038UO7vqnTwWUstxwnvc32ggm6c8QIAt7KWQ8 lpIj8Bcfm0Q3Yt3ivKnz2LbIeljyUi1z/azg5hx6uA6QL0rJNGtcm4SFDFyrXuouv6v/ BxTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=0ta9T4ozJnLD7c90LHMV6lIT6b9oIW9w0TXW7z/cePU=; b=0fmIRxQa/SulKdOhWvz5Gu3yGpEYpvPMIi8FMGw7dXS87c9gtKPaC3JNghIS9TVKZq jv790CX6Jp6mmUmdg+xE0FvntEkL+sOcuQG+oZ0pbTNdczv+7Mx7QEWspA4zS5+PM4DU 9AKHRtyEGsz363FQf1/4Dqmd2Q+qVuB0e1xc2iUMZMk2DMam7AVSU//D62pSdqp2/3tf OK1Rb3D294rnRk8k/8jjh6NmYE84Z5tZ/UHKoQLP5jpH4cE7/v0UP/kzukWLaBtYkLnK sBUlcxtM8RE6SIeJJd8CQclUfABmCHrPPRojeJytZ09om+c21Yw00+WPn3c480oEUOF6 aemQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=AIYyXqBL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u14si1576958pgn.261.2018.01.25.05.40.36; Thu, 25 Jan 2018 05:40:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=AIYyXqBL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751241AbeAYNkH (ORCPT + 99 others); Thu, 25 Jan 2018 08:40:07 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:50335 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751011AbeAYNkG (ORCPT ); Thu, 25 Jan 2018 08:40:06 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 834d27a8 for ; Thu, 25 Jan 2018 13:26:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=mail; bh=0yOjnjiYK5aVC5IXviE6wkOQ1pI=; b=AIYyXq BLbxFeMTT8FHui0I+KFuqmStTlpo6RfeyBpFbFqXZAtSGcr/CaJ76608vs+zdXdo RhLA5w/yrDtlW1npt7OzQ7RD0GF3PijSYbGKrcIaI4e4ricLKwhVKRGWymGMCOdj uGbntuG4UdAeK+BQY1LizeWs+hhIqLaVqj1a8+vmarEM0ypEGv6T47ltgU6HP0oN K6hL9Ce06aWq+uvqAUxzUCjTP6biJXgJFgSa1p3wbNdnSnFqZkts33OqtRG2au0+ k+pPAEEnAzrKXovH78ud1h1P4gydGmpPS+5pGKtrYzLUvviiVSzzByB0zbA6Bw/d 2JR1afoO3Y3qsZRQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 44dbf416 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Thu, 25 Jan 2018 13:26:52 +0000 (UTC) Received: by mail-oi0-f54.google.com with SMTP id k15so5244931oib.1 for ; Thu, 25 Jan 2018 05:40:04 -0800 (PST) X-Gm-Message-State: AKwxyteCOeMQLoQRpAU8LCNAfVKCT8/gkfl+Rip9rxe7zNwL3jpd+SbC maEhk0dyXyYYN99OzyJ5uU/TBgQib57gwxKslKQ= X-Received: by 10.202.170.208 with SMTP id t199mr10608831oie.275.1516887604065; Thu, 25 Jan 2018 05:40:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.140.12 with HTTP; Thu, 25 Jan 2018 05:40:03 -0800 (PST) In-Reply-To: <20180125133433.3a750f25@alans-desktop> References: <20180125120401.30596-1-Jason@zx2c4.com> <20180125133433.3a750f25@alans-desktop> From: "Jason A. Donenfeld" Date: Thu, 25 Jan 2018 14:40:03 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [kernel-hardening] Re: [PATCH] cpu: do not leak vulnerabilities to unprivileged users To: Alan Cox Cc: Greg Kroah-Hartman , LKML , kernel-hardening@lists.openwall.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 25, 2018 at 2:34 PM, Alan Cox wrote: > As you observe any attacker can already trivially ascertain whether > protection is on, so there is no point pretending file permissions > magically stop that. In fact the information is already in cpuinfo. Actually the other place it leaks is in dmesg, which would need to be patched too. My understanding about cpuinfo was that it showed whether or not the processor family is generally vulnerable to it, independent of whether or not the kernel has been patched. What this patch does relates to whether or not the kernel has been patched.