From patchwork Fri Jan 26 12:31:58 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Jason A. Donenfeld" <Jason@zx2c4.com>
X-Patchwork-Id: 10185535
Return-Path: 
 <kernel-hardening-return-11442-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9C693601D5 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Fri, 26 Jan 2018 12:32:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 90DE22916D
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Fri, 26 Jan 2018 12:32:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 81DC02916F; Fri, 26 Jan 2018 12:32:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 8CBEF2916D
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Fri, 26 Jan 2018 12:32:27 +0000 (UTC)
Received: (qmail 22387 invoked by uid 550); 26 Jan 2018 12:32:25 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 22369 invoked from network); 26 Jan 2018 12:32:25 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc
	:subject:date:message-id:in-reply-to:references; s=mail; bh=lKkN
	ognqteV4AYVPOgKF2c2wzzE=; b=k9IOxM8U2kPI7ck7fIL46l40DAp7wQucgg3b
	29PwdVtFxZCr9TEbE76VuTCSH1DElZvDyMA87m6MSTJhk5gk30F36p7EI5UUKKBK
	+da15dGqqR+rfey3RmbRkvRN3jQMAe9JKSvk0J26H8VgzT1p5Jbu8qdDC4cGS5g2
	B+P5ZPXvdxThPyuKrvgTCN2hmFxKBmm88bsHMPilIovQyJsKvPcYa4zO8IxmzbyT
	Qn4hzLCecyxRFKzPzGec5kqgykcVuYsSmfy27Qe9j/1Q3oZ7QrB5G5XGJcqrB60o
	ZtG1kD0r3JLE1yNGKS/CVzedNYcNkSV/1/zXxvCmyLJqlQlLtw==
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com, gnomes@lxorguk.ukuu.org.uk
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 26 Jan 2018 13:31:58 +0100
Message-Id: <20180126123158.9575-1-Jason@zx2c4.com>
In-Reply-To: 
 <CAHmME9p7QdAZf2NR4fkheRFVUoH1a27rmRcOnzkSS+nE5gJ63Q@mail.gmail.com>
References: 
 <CAHmME9p7QdAZf2NR4fkheRFVUoH1a27rmRcOnzkSS+nE5gJ63Q@mail.gmail.com>
Subject: [kernel-hardening] [PATCH v2] cpu: do not leak vulnerabilities to
	unprivileged users
X-Virus-Scanned: ClamAV using ClamSMTP

While it's public information if the CPU in general has spectre/meltdown
bugs, it probably shouldn't be as globally obvious to all unprivileged
users whether or not the kernel is doing something to mitigate those
bugs. While an attacker can obviously probe and try, there frequently is
a trade-off attackers make of how much probing around they're willing to
do versus the certainty of an attack working, in order to reduce
detection. By making it loud and clear that the kernel _is_ vulnerable,
we're simply aiding the trade-off calculations attackers have to make
when choosing which vectors to target.

So, this patch changes the permissions to 0400 to make the attacker's
job slightly less easy. While we're at it, we clean up the leak in dmesg
too.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
v2 handles dmesg too.

 arch/x86/kernel/cpu/bugs.c | 1 -
 drivers/base/cpu.c         | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 390b3dc3d438..e512ae82f201 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -230,7 +230,6 @@ static void __init spectre_v2_select_mitigation(void)
 	}
 
 	spectre_v2_enabled = mode;
-	pr_info("%s\n", spectre_v2_strings[mode]);
 
 	/*
 	 * If neither SMEP or KPTI are available, there is a risk of
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
index d99038487a0d..a3a8e008f957 100644
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -531,9 +531,9 @@ ssize_t __weak cpu_show_spectre_v2(struct device *dev,
 	return sprintf(buf, "Not affected\n");
 }
 
-static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
-static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
-static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
+static DEVICE_ATTR(meltdown, 0400, cpu_show_meltdown, NULL);
+static DEVICE_ATTR(spectre_v1, 0400, cpu_show_spectre_v1, NULL);
+static DEVICE_ATTR(spectre_v2, 0400, cpu_show_spectre_v2, NULL);
 
 static struct attribute *cpu_root_vulnerabilities_attrs[] = {
 	&dev_attr_meltdown.attr,