Message ID | 20240416145325.535615-6-stefan.bader@canonical.com |
---|---|
State | New |
Series | CVE-2024-2201 | expand |
On Tue, 16 Apr 2024 16:53:17 +0200 Stefan Bader <stefan.bader@canonical.com> wrote: > From: Josh Poimboeuf <jpoimboe@kernel.org> > > commit 0cd01ac5dcb1e18eb18df0f0d05b5de76522a437 upstream. > > Change the format of the 'spectre_v2' vulnerabilities sysfs file > slightly by converting the commas to semicolons, so that mitigations for > future variants can be grouped together and separated by commas. That's a user visible change that might break existing tools, no? ...Juerg > > Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> > Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> > Signed-off-by: Thomas Gleixner <tglx@linutronix.de> > Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > CVE-2024-2201 > (cherry picked from commit 276fb9a658d0f44bc2e11b5f838cbe4e5759a223 linux-5.15.y) > Signed-off-by: Stefan Bader <stefan.bader@canonical.com> > --- > arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++------------ > 1 file changed, 12 insertions(+), 12 deletions(-) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 9e139731436c..3d1a0961fec5 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -2596,15 +2596,15 @@ static char *stibp_state(void) > > switch (spectre_v2_user_stibp) { > case SPECTRE_V2_USER_NONE: > - return ", STIBP: disabled"; > + return "; STIBP: disabled"; > case SPECTRE_V2_USER_STRICT: > - return ", STIBP: forced"; > + return "; STIBP: forced"; > case SPECTRE_V2_USER_STRICT_PREFERRED: > - return ", STIBP: always-on"; > + return "; STIBP: always-on"; > case SPECTRE_V2_USER_PRCTL: > case SPECTRE_V2_USER_SECCOMP: > if (static_key_enabled(&switch_to_cond_stibp)) > - return ", STIBP: conditional"; > + return "; STIBP: conditional"; > } > return ""; > } 
> @@ -2613,10 +2613,10 @@ static char *ibpb_state(void) > { > if (boot_cpu_has(X86_FEATURE_IBPB)) { > if (static_key_enabled(&switch_mm_always_ibpb)) > - return ", IBPB: always-on"; > + return "; IBPB: always-on"; > if (static_key_enabled(&switch_mm_cond_ibpb)) > - return ", IBPB: conditional"; > - return ", IBPB: disabled"; > + return "; IBPB: conditional"; > + return "; IBPB: disabled"; > } > return ""; > } > @@ -2626,11 +2626,11 @@ static char *pbrsb_eibrs_state(void) > if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { > if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || > boot_cpu_has(X86_FEATURE_RSB_VMEXIT)) > - return ", PBRSB-eIBRS: SW sequence"; > + return "; PBRSB-eIBRS: SW sequence"; > else > - return ", PBRSB-eIBRS: Vulnerable"; > + return "; PBRSB-eIBRS: Vulnerable"; > } else { > - return ", PBRSB-eIBRS: Not affected"; > + return "; PBRSB-eIBRS: Not affected"; > } > } > > @@ -2649,9 +2649,9 @@ static ssize_t spectre_v2_show_state(char *buf) > return sysfs_emit(buf, "%s%s%s%s%s%s%s\n", > spectre_v2_strings[spectre_v2_enabled], > ibpb_state(), > - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", > + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "", > stibp_state(), > - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", > + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "", > pbrsb_eibrs_state(), > spectre_v2_module_string()); > }
On 30.04.24 11:12, Juerg Haefliger wrote: > On Tue, 16 Apr 2024 16:53:17 +0200 > Stefan Bader <stefan.bader@canonical.com> wrote: > >> From: Josh Poimboeuf <jpoimboe@kernel.org> >> >> commit 0cd01ac5dcb1e18eb18df0f0d05b5de76522a437 upstream. >> >> Change the format of the 'spectre_v2' vulnerabilities sysfs file >> slightly by converting the commas to semicolons, so that mitigations for >> future variants can be grouped together and separated by commas. > > That's a user visible change that might break existing tools, no? Which is that way on upstream stable linux-5.15.y and the other stable trees. I do believe sysfs is not considered stable in format. Unlike syscall output. > > ...Juerg > > >> >> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> >> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> >> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> >> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> >> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> >> >> CVE-2024-2201 >> (cherry picked from commit 276fb9a658d0f44bc2e11b5f838cbe4e5759a223 linux-5.15.y) >> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> >> --- >> arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++------------ >> 1 file changed, 12 insertions(+), 12 deletions(-) >> >> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c >> index 9e139731436c..3d1a0961fec5 100644 >> --- a/arch/x86/kernel/cpu/bugs.c >> +++ b/arch/x86/kernel/cpu/bugs.c 
>> @@ -2596,15 +2596,15 @@ static char *stibp_state(void) >> >> switch (spectre_v2_user_stibp) { >> case SPECTRE_V2_USER_NONE: >> - return ", STIBP: disabled"; >> + return "; STIBP: disabled"; >> case SPECTRE_V2_USER_STRICT: >> - return ", STIBP: forced"; >> + return "; STIBP: forced"; >> case SPECTRE_V2_USER_STRICT_PREFERRED: >> - return ", STIBP: always-on"; >> + return "; STIBP: always-on"; >> case SPECTRE_V2_USER_PRCTL: >> case SPECTRE_V2_USER_SECCOMP: >> if (static_key_enabled(&switch_to_cond_stibp)) >> - return ", STIBP: conditional"; >> + return "; STIBP: conditional"; >> } >> return ""; >> } >> @@ -2613,10 +2613,10 @@ static char *ibpb_state(void) >> { >> if (boot_cpu_has(X86_FEATURE_IBPB)) { >> if (static_key_enabled(&switch_mm_always_ibpb)) >> - return ", IBPB: always-on"; >> + return "; IBPB: always-on"; >> if (static_key_enabled(&switch_mm_cond_ibpb)) >> - return ", IBPB: conditional"; >> - return ", IBPB: disabled"; >> + return "; IBPB: conditional"; >> + return "; IBPB: disabled"; >> } >> return ""; >> } >> @@ -2626,11 +2626,11 @@ static char *pbrsb_eibrs_state(void) >> if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { >> if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || >> boot_cpu_has(X86_FEATURE_RSB_VMEXIT)) >> - return ", PBRSB-eIBRS: SW sequence"; >> + return "; PBRSB-eIBRS: SW sequence"; >> else >> - return ", PBRSB-eIBRS: Vulnerable"; >> + return "; PBRSB-eIBRS: Vulnerable"; >> } else { >> - return ", PBRSB-eIBRS: Not affected"; >> + return "; PBRSB-eIBRS: Not affected"; >> } >> } 
>> >> @@ -2649,9 +2649,9 @@ static ssize_t spectre_v2_show_state(char *buf) >> return sysfs_emit(buf, "%s%s%s%s%s%s%s\n", >> spectre_v2_strings[spectre_v2_enabled], >> ibpb_state(), >> - boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", >> + boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "", >> stibp_state(), >> - boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", >> + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "", >> pbrsb_eibrs_state(), >> spectre_v2_module_string()); >> } >
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9e139731436c..3d1a0961fec5 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -2596,15 +2596,15 @@ static char *stibp_state(void)
 
 switch (spectre_v2_user_stibp) {
 case SPECTRE_V2_USER_NONE:
- return ", STIBP: disabled";
+ return "; STIBP: disabled";
 case SPECTRE_V2_USER_STRICT:
- return ", STIBP: forced";
+ return "; STIBP: forced";
 case SPECTRE_V2_USER_STRICT_PREFERRED:
- return ", STIBP: always-on";
+ return "; STIBP: always-on";
 case SPECTRE_V2_USER_PRCTL:
 case SPECTRE_V2_USER_SECCOMP:
 if (static_key_enabled(&switch_to_cond_stibp))
- return ", STIBP: conditional";
+ return "; STIBP: conditional";
 }
 return "";
 }
@@ -2613,10 +2613,10 @@ static char *ibpb_state(void)
 {
 if (boot_cpu_has(X86_FEATURE_IBPB)) {
 if (static_key_enabled(&switch_mm_always_ibpb))
- return ", IBPB: always-on";
+ return "; IBPB: always-on";
 if (static_key_enabled(&switch_mm_cond_ibpb))
- return ", IBPB: conditional";
- return ", IBPB: disabled";
+ return "; IBPB: conditional";
+ return "; IBPB: disabled";
 }
 return "";
 }
@@ -2626,11 +2626,11 @@ static char *pbrsb_eibrs_state(void)
 if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) {
 if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) ||
 boot_cpu_has(X86_FEATURE_RSB_VMEXIT))
- return ", PBRSB-eIBRS: SW sequence";
+ return "; PBRSB-eIBRS: SW sequence";
 else
- return ", PBRSB-eIBRS: Vulnerable";
+ return "; PBRSB-eIBRS: Vulnerable";
 } else {
- return ", PBRSB-eIBRS: Not affected";
+ return "; PBRSB-eIBRS: Not affected";
 }
 }
 
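Review bot: The field separator is baked into each returned literal in stibp_state(), and the same pattern repeats in ibpb_state() and pbrsb_eibrs_state() in the next two hunks, so the convention now lives in ten string constants with nothing in the code stating it. A short comment above the first helper would keep later fragments consistent, for example `/* Each fragment carries its own leading "; " field separator; "," is left for grouping within a field. */`, which follows the grouping rule given in the commit description. In stibp_state() the SPECTRE_V2_USER_PRCTL/SECCOMP case also falls out of the switch to `return "";` when the static key is off, so a one-line comment there saying the field is deliberately omitted would help readers of the sysfs line. The bodies of stibp_state() and pbrsb_eibrs_state() start outside their hunks.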
@@ -2649,9 +2649,9 @@ static ssize_t spectre_v2_show_state(char *buf)
 return sysfs_emit(buf, "%s%s%s%s%s%s%s\n",
 spectre_v2_strings[spectre_v2_enabled],
 ibpb_state(),
- boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
+ boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? "; IBRS_FW" : "",
 stibp_state(),
- boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
+ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? "; RSB filling" : "",
 pbrsb_eibrs_state(),
 spectre_v2_module_string());
 }
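Review bot: Two of the seven fragments passed to this sysfs_emit() call, `spectre_v2_strings[spectre_v2_enabled]` and `spectre_v2_module_string()`, are not touched by the patch, so it cannot be seen from the diff whether either of them contains or begins with a comma. If one does, the emitted line would mix `,` and `;` at the same level, which is what the commit description's grouping rule is meant to avoid, so both are worth checking in this tree. The same check applies to any other return path in spectre_v2_show_state() above the hunk, since the function starts outside it. A comment on the call such as `/* top-level fields are "; "-separated */` would record the expected format next to the format string.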