Received: by 10.223.176.46 with SMTP id f43csp2207836wra; Thu, 25 Jan 2018 06:34:23 -0800 (PST) X-Google-Smtp-Source: AH8x224ETpfzDEAA2EnjKOkLs9KF4YtIsBezH9sTRis4TYk97jkqDYZVOp56iERaHJfuQqEmr7VL X-Received: by 10.99.65.134 with SMTP id o128mr4695393pga.323.1516890863127; Thu, 25 Jan 2018 06:34:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516890863; cv=none; d=google.com; s=arc-20160816; b=fqdq6o6FgUln//yiuARntb3vWkQMywVQ3PFh3+tuHR5WuOpUcQxG3LUBAEA0Gzee2/ g6XC9SxCKUpX9O+DeHpvyFkCf8j/56+SinVZ24YDQVJlyCAVscaOwFpYT4J9SGk0xNA0 nN3OpS6YWf4+UFzw/3tAiRdk74JVfFr+B3XHfIOY+FkOSudk0noVoGn4DqHqhWeo31VG 45pgENFA9RDhJhq+VwRijvT+e8oGZrNMMIEd9cJ7AhIFXHuU9PBI67sp4CT5Dud/RHQ/ j/tgbtLAr2RlJS++5holSnUDXkOEQHZbQZ409o8Agex+23/nZ6Merb+Ko8+MrYh0Xrl/ SFfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=uwlQPaZl0Hs0nGfaDWucnds3rhJ1Y7ubFehhvUj49mc=; b=n5sD4tnBbQBT/UkQlB1PaE6vgHJZS5LWNMcos+8rvylkXN0mr/VsTwrBsS4Qzt5A0S tRn4yvfNUPULPu/Bm34BB6NLlbUanbyfMnj7I6GThOm/vAg5AusPA3ma8WWUA/2l7IoE m9RlZruMR4/dmNZDlYa8JCrNqFgoRdu9wCQfMxhj/AHWQ7hXcmDRvNfh5cl62AFjf/TV AnqIPKQA6ZJa5AHEc/JUXCFFUKg2fmzNzWjOsTwyVToXdpRFhyX9/xeOitfzZ6PsLyaZ UqkHG/nFJ6kw/rx7TSfhEyaKSnvBLn6NFAA1dV9cD8BhbiHGtz6wbc1ZIPnyPUjHiWMt 1oqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a9-v6si2021251pls.560.2018.01.25.06.34.08; Thu, 25 Jan 2018 06:34:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751254AbeAYNet (ORCPT + 99 others); Thu, 25 Jan 2018 08:34:49 -0500 Received: from www.llwyncelyn.cymru ([82.70.14.225]:39746 "EHLO fuzix.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751105AbeAYNes (ORCPT ); Thu, 25 Jan 2018 08:34:48 -0500 Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226]) by fuzix.org (8.15.2/8.15.2) with ESMTP id w0PDYYtA027674; Thu, 25 Jan 2018 13:34:34 GMT Date: Thu, 25 Jan 2018 13:34:33 +0000 From: Alan Cox To: "Jason A. Donenfeld" Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: Re: [PATCH] cpu: do not leak vulnerabilities to unprivileged users Message-ID: <20180125133433.3a750f25@alans-desktop> In-Reply-To: <20180125120401.30596-1-Jason@zx2c4.com> References: <20180125120401.30596-1-Jason@zx2c4.com> Organization: Intel Corporation X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 25 Jan 2018 13:04:01 +0100 "Jason A. Donenfeld" wrote: > While it's public information if the CPU in general has spectre/meltdown > bugs, it probably shouldn't be as globally obvious to all unprivileged > users whether or not the kernel is doing something to mitigate There are plenty of cases where it is useful for an application such as a JIT to know what level of protection it needs to be providing. For example if you look across the ecosystem (notably ARM) a lot of common slower processors are not vulnerable. For those a JIT would want to generate code without the overhead of any protections. As you observe any attacker can already trivially ascertain whether protection is on, so there is no point pretending file permissions magically stop that. In fact the information is already in cpuinfo. IMHO given it's trivially available info and useful for JITs it make sense for the data to be exposed. Alan