Received: by 10.223.176.46 with SMTP id f43csp1063060wra;
        Fri, 26 Jan 2018 11:12:46 -0800 (PST)
X-Google-Smtp-Source: AH8x2247LpDloyNXGBAAejYMMCtlK7hW0cLWfgJswIzJ3iY8LM6yA0sUFwFhNuMbDZLKRI2Mix7S
X-Received: by 10.99.114.5 with SMTP id n5mr16543574pgc.211.1516993966273;
        Fri, 26 Jan 2018 11:12:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516993966; cv=none;
        d=google.com; s=arc-20160816;
        b=0ET9ndYEDSYHdZpd4Gpt7IxtVhSyGUE2sjvm7R40Ij1wy1rDjxgB2dRi0wLYa32WU/
         OulNrYUUSs5anexq/6TVIZ6nUgJXLUWl8VwDS2rM7Jiu5Q7x4fxcVYJ9byMc4iIS1Cfw
         8EFxsRJmQVfGOUsl7xhoCkRFa8CSxEZnE0ptTNSJkJUgkxQ6iTQZn+VoNUdXFQ5c32iY
         TErO7OwnNIW8du8wvfMXdZE5nV4MPP9drvPZhRnQYzaQH9CrFl58Fw8eZl0/F4D5r1ia
         JJbFTkyKMp0ERrGvlYHMuElckctJyM0sMtpmY3Eohkkl7BSlgbmDAtPu1XYsVLqIwUHI
         fdnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date:arc-authentication-results;
        bh=Cul8nS+CvQMUh4UMqMbNB3pMv/SH12sDqpFREhVC80Q=;
        b=U4Q2J3PVjPp1UkdAEkaxMYvzVgguKcCMkwV3nuoW1a6E2B55QwbVpqBISNBHCA0xiO
         sWD8Id0cVCJZvOvpg2Tu55mjQ00e4WqSmVteD7zh/av6IjjQr4X88u6s6+rxPaVn+dpB
         WnryUzMfcR2jW7fawr4LiNpzvTlpcpBkwaLTlxy2ozGI0wJswSfN7bMOMMdhC80nXWs9
         bjqz0jGypiOGXhBdRZEe+ijiM1e0vGT1q+bMMjCtNdn7f+CF+/oado30h4demXkigvs1
         aiaqhH9mtqNiXRuwOP8DgxkCa7cR5H5xMede8EvtO91iVTtWh8E1iMPrxmJDEArQnZiW
         chUg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f10-v6si4076078pln.401.2018.01.26.11.12.31;
        Fri, 26 Jan 2018 11:12:46 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752706AbeAZTHh (ORCPT <rfc822;justmaker@gmail.com> + 99 others);
        Fri, 26 Jan 2018 14:07:37 -0500
Received: from www.llwyncelyn.cymru ([82.70.14.225]:46756 "EHLO fuzix.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752371AbeAZTHg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 26 Jan 2018 14:07:36 -0500
Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226])
        by fuzix.org (8.15.2/8.15.2) with ESMTP id w0QJ7L3u023410;
        Fri, 26 Jan 2018 19:07:21 GMT
Date:   Fri, 26 Jan 2018 19:07:21 +0000
From:   Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To:     "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] Re: [PATCH v2] cpu: do not leak
 vulnerabilities to unprivileged users
Message-ID: <20180126190721.36b0f589@alans-desktop>
In-Reply-To: <CAHmME9poivOgtCkOs5cjQXT0qxayk7MV2QLUBYhoUrKu=VUhuA@mail.gmail.com>
References: <CAHmME9p7QdAZf2NR4fkheRFVUoH1a27rmRcOnzkSS+nE5gJ63Q@mail.gmail.com>
        <20180126123158.9575-1-Jason@zx2c4.com>
        <20180126164310.13a29ad2@alans-desktop>
        <CAHmME9poivOgtCkOs5cjQXT0qxayk7MV2QLUBYhoUrKu=VUhuA@mail.gmail.com>
Organization: Intel Corporation
X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 26 Jan 2018 18:47:28 +0100
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> On Fri, Jan 26, 2018 at 5:43 PM, Alan Cox <gnomes@lxorguk.ukuu.org.uk> wrote:
> > a) The info is already trivially accessible via /proc/cpuinfo  
> 
> No, /proc/cpuinfo shows if the CPU itself has these bugs, but doesn't
> show whether or not the kernel has gone to lengths to mitigate these
> bugs.

It tells you immediately what microcode, what hardware properties. A few
user space instructions later and you know the rest.

> Right, so without this, an attacker has to measure. The purpose of
> this patchset is to require the attacker to perform an additional
> measurement. That seems worthwhile, especially if measurements are or
> would ever become non-trivial to make.

You mean 'I'm magically going to make it secure because the attacker
won't be smart enough to paste in a function from gitub' ?

I don't buy it. Most attack tools are automated, they will contain the
needed code.

> > b) Some JIT and other environments need to know  
> 
> Shouldn't JITs do the best they can with the environment they're in?
> And for that, isn't /proc/cpuinfo enough?

No

The JIT needs to know whether the mitigations are present because it
needs to JIT very different code if it is responsible for generating
things like lfence and and/mask references or can assume the CPU is
covering some or part of it.

Likewise you can imagine other code using those files in order to figure
out how to self patch / which library to load for performance critical
stuff.

Alan