Received: by 10.223.176.46 with SMTP id f43csp633484wra; Fri, 26 Jan 2018 04:33:19 -0800 (PST) X-Google-Smtp-Source: AH8x227UAvYPaudP1ZLMEKZmmE2h2EdMgTdTfTeKB8MVzML5knfranGX4DzYe71vyWhN8G7rXunB X-Received: by 10.98.205.72 with SMTP id o69mr16704369pfg.104.1516969999296; Fri, 26 Jan 2018 04:33:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516969999; cv=none; d=google.com; s=arc-20160816; b=RPJ4AjEJEUCML7KUyuqfsB+X/G9Qnhgn+HwldJuSvc7U9FbqP0fJNS5FwR2dOwdb2F B9F2kepcbCfcGhbVrRRP+/cAwhdsle4lru7XDmd5dkzOOcuajnbfmsNIO2owx6MVT4Ei n67lzcVd6ADlJWbQfVxnAzKyo7upSnf3Hp4NffBICKItMOs/57m3twLQGCxm3I13paHb U80KBlLoD2JlPK/InnCqiJdZWVtMZTp0ZeFEuJq72s1EDpEVtBx8C1EF3wdyKg2WTITv rsT4uzj3kQArH5AYEYLKEan5byOpvyk0ieq+5F3HjSeJ2nCTegmLmcItofiED/L5l3pe WyhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=9A/JGtR+7OozMkqzcTyX4jV1iqegpiIKP6E2P6jgyVs=; b=egT0+tYr2fJpgOMfTegg7Ol0s642SwwGd2xE/XY1TYMjVnZj4ipErLr05GS480B+gZ din5jdKYfU+OLABo4Hhwt8kxmU0y3m08IgmfujdnScPGGdb+HYK5/FtM4iw35MrA97Hz EYOiv2yAWlqi9tZqY5C3rcOfXJ1/pwsq89wmwBu/7PavboLm+1mR2w2H/Y6oRNkfUDWV QJXj/FYdfVxaunQuUH8HWtF8rHJxB01Alcyp+b/cvIfSMmkIonKeTNCipU+/Nc7TWUFr uODBdZtGL8CN78FCZEQoEaVFwv4PrfE6tou7VSLKeJWsbtzTirJjI3oOXNbjXTi36D+l XwYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=k9IOxM8U; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2si2930293pgc.747.2018.01.26.04.33.05; Fri, 26 Jan 2018 04:33:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=k9IOxM8U; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752092AbeAZMcO (ORCPT + 99 others); Fri, 26 Jan 2018 07:32:14 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:49897 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751969AbeAZMcN (ORCPT ); Fri, 26 Jan 2018 07:32:13 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 2731d654; Fri, 26 Jan 2018 12:18:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:in-reply-to:references; s=mail; bh=lKkN ognqteV4AYVPOgKF2c2wzzE=; b=k9IOxM8U2kPI7ck7fIL46l40DAp7wQucgg3b 29PwdVtFxZCr9TEbE76VuTCSH1DElZvDyMA87m6MSTJhk5gk30F36p7EI5UUKKBK +da15dGqqR+rfey3RmbRkvRN3jQMAe9JKSvk0J26H8VgzT1p5Jbu8qdDC4cGS5g2 B+P5ZPXvdxThPyuKrvgTCN2hmFxKBmm88bsHMPilIovQyJsKvPcYa4zO8IxmzbyT Qn4hzLCecyxRFKzPzGec5kqgykcVuYsSmfy27Qe9j/1Q3oZ7QrB5G5XGJcqrB60o ZtG1kD0r3JLE1yNGKS/CVzedNYcNkSV/1/zXxvCmyLJqlQlLtw== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id d839939f (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 26 Jan 2018 12:18:52 +0000 (UTC) From: "Jason A. Donenfeld" To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, gnomes@lxorguk.ukuu.org.uk Cc: "Jason A. Donenfeld" Subject: [PATCH v2] cpu: do not leak vulnerabilities to unprivileged users Date: Fri, 26 Jan 2018 13:31:58 +0100 Message-Id: <20180126123158.9575-1-Jason@zx2c4.com> In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org While it's public information if the CPU in general has spectre/meltdown bugs, it probably shouldn't be as globally obvious to all unprivileged users whether or not the kernel is doing something to mitigate those bugs. While an attacker can obviously probe and try, there frequently is a trade-off attackers make of how much probing around they're willing to do versus the certainty of an attack working, in order to reduce detection. By making it loud and clear that the kernel _is_ vulnerable, we're simply aiding the trade-off calculations attackers have to make when choosing which vectors to target. So, this patch changes the permissions to 0400 to make the attacker's job slightly less easy. While we're at it, we clean up the leak in dmesg too. Signed-off-by: Jason A. Donenfeld --- v2 handles dmesg too. arch/x86/kernel/cpu/bugs.c | 1 - drivers/base/cpu.c | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 390b3dc3d438..e512ae82f201 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -230,7 +230,6 @@ static void __init spectre_v2_select_mitigation(void) } spectre_v2_enabled = mode; - pr_info("%s\n", spectre_v2_strings[mode]); /* * If neither SMEP or KPTI are available, there is a risk of diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index d99038487a0d..a3a8e008f957 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -531,9 +531,9 @@ ssize_t __weak cpu_show_spectre_v2(struct device *dev, return sprintf(buf, "Not affected\n"); } -static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); -static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); -static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); +static DEVICE_ATTR(meltdown, 0400, cpu_show_meltdown, NULL); +static DEVICE_ATTR(spectre_v1, 0400, cpu_show_spectre_v1, NULL); +static DEVICE_ATTR(spectre_v2, 0400, cpu_show_spectre_v2, NULL); static struct attribute *cpu_root_vulnerabilities_attrs[] = { &dev_attr_meltdown.attr, -- 2.16.1