Date: Thu, 25 Jan 2018 13:34:33 +0000 From: Alan Cox <gnomes@...rguk.ukuu.org.uk> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH] cpu: do not leak vulnerabilities to unprivileged users On Thu, 25 Jan 2018 13:04:01 +0100 "Jason A. Donenfeld" <Jason@...c4.com> wrote: > While it's public information if the CPU in general has spectre/meltdown > bugs, it probably shouldn't be as globally obvious to all unprivileged > users whether or not the kernel is doing something to mitigate There are plenty of cases where it is useful for an application such as a JIT to know what level of protection it needs to be providing. For example if you look across the ecosystem (notably ARM) a lot of common slower processors are not vulnerable. For those a JIT would want to generate code without the overhead of any protections. As you observe any attacker can already trivially ascertain whether protection is on, so there is no point pretending file permissions magically stop that. In fact the information is already in cpuinfo. IMHO given it's trivially available info and useful for JITs it make sense for the data to be exposed. Alan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.