Commit 1d30800c authored by Borislav Petkov's avatar Borislav Petkov

x86/bugs: Use sysfs_emit()

Those mitigations are very talkative; use the printing helper which pays
attention to the buffer size.
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220809153419.10182-1-bp@alien8.de
parent 9abf2313
...@@ -2206,74 +2206,74 @@ static const char * const l1tf_vmx_states[] = { ...@@ -2206,74 +2206,74 @@ static const char * const l1tf_vmx_states[] = {
static ssize_t l1tf_show_state(char *buf) static ssize_t l1tf_show_state(char *buf)
{ {
if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO)
return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG);
if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED ||
(l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER &&
sched_smt_active())) { sched_smt_active())) {
return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, return sysfs_emit(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG,
l1tf_vmx_states[l1tf_vmx_mitigation]); l1tf_vmx_states[l1tf_vmx_mitigation]);
} }
return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, return sysfs_emit(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG,
l1tf_vmx_states[l1tf_vmx_mitigation], l1tf_vmx_states[l1tf_vmx_mitigation],
sched_smt_active() ? "vulnerable" : "disabled"); sched_smt_active() ? "vulnerable" : "disabled");
} }
static ssize_t itlb_multihit_show_state(char *buf) static ssize_t itlb_multihit_show_state(char *buf)
{ {
if (!boot_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) || if (!boot_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
!boot_cpu_has(X86_FEATURE_VMX)) !boot_cpu_has(X86_FEATURE_VMX))
return sprintf(buf, "KVM: Mitigation: VMX unsupported\n"); return sysfs_emit(buf, "KVM: Mitigation: VMX unsupported\n");
else if (!(cr4_read_shadow() & X86_CR4_VMXE)) else if (!(cr4_read_shadow() & X86_CR4_VMXE))
return sprintf(buf, "KVM: Mitigation: VMX disabled\n"); return sysfs_emit(buf, "KVM: Mitigation: VMX disabled\n");
else if (itlb_multihit_kvm_mitigation) else if (itlb_multihit_kvm_mitigation)
return sprintf(buf, "KVM: Mitigation: Split huge pages\n"); return sysfs_emit(buf, "KVM: Mitigation: Split huge pages\n");
else else
return sprintf(buf, "KVM: Vulnerable\n"); return sysfs_emit(buf, "KVM: Vulnerable\n");
} }
#else #else
static ssize_t l1tf_show_state(char *buf) static ssize_t l1tf_show_state(char *buf)
{ {
return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG);
} }
static ssize_t itlb_multihit_show_state(char *buf) static ssize_t itlb_multihit_show_state(char *buf)
{ {
return sprintf(buf, "Processor vulnerable\n"); return sysfs_emit(buf, "Processor vulnerable\n");
} }
#endif #endif
static ssize_t mds_show_state(char *buf) static ssize_t mds_show_state(char *buf)
{ {
if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
return sprintf(buf, "%s; SMT Host state unknown\n", return sysfs_emit(buf, "%s; SMT Host state unknown\n",
mds_strings[mds_mitigation]); mds_strings[mds_mitigation]);
} }
if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) { if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) {
return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
(mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" : (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" :
sched_smt_active() ? "mitigated" : "disabled")); sched_smt_active() ? "mitigated" : "disabled"));
} }
return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation], return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
sched_smt_active() ? "vulnerable" : "disabled"); sched_smt_active() ? "vulnerable" : "disabled");
} }
static ssize_t tsx_async_abort_show_state(char *buf) static ssize_t tsx_async_abort_show_state(char *buf)
{ {
if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) || if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) ||
(taa_mitigation == TAA_MITIGATION_OFF)) (taa_mitigation == TAA_MITIGATION_OFF))
return sprintf(buf, "%s\n", taa_strings[taa_mitigation]); return sysfs_emit(buf, "%s\n", taa_strings[taa_mitigation]);
if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
return sprintf(buf, "%s; SMT Host state unknown\n", return sysfs_emit(buf, "%s; SMT Host state unknown\n",
taa_strings[taa_mitigation]); taa_strings[taa_mitigation]);
} }
return sprintf(buf, "%s; SMT %s\n", taa_strings[taa_mitigation], return sysfs_emit(buf, "%s; SMT %s\n", taa_strings[taa_mitigation],
sched_smt_active() ? "vulnerable" : "disabled"); sched_smt_active() ? "vulnerable" : "disabled");
} }
static ssize_t mmio_stale_data_show_state(char *buf) static ssize_t mmio_stale_data_show_state(char *buf)
...@@ -2341,73 +2341,72 @@ static char *pbrsb_eibrs_state(void) ...@@ -2341,73 +2341,72 @@ static char *pbrsb_eibrs_state(void)
static ssize_t spectre_v2_show_state(char *buf) static ssize_t spectre_v2_show_state(char *buf)
{ {
if (spectre_v2_enabled == SPECTRE_V2_LFENCE) if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
return sprintf(buf, "Vulnerable: LFENCE\n"); return sysfs_emit(buf, "Vulnerable: LFENCE\n");
if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled()) if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())
return sprintf(buf, "Vulnerable: eIBRS with unprivileged eBPF\n"); return sysfs_emit(buf, "Vulnerable: eIBRS with unprivileged eBPF\n");
if (sched_smt_active() && unprivileged_ebpf_enabled() && if (sched_smt_active() && unprivileged_ebpf_enabled() &&
spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE)
return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); return sysfs_emit(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n");
return sprintf(buf, "%s%s%s%s%s%s%s\n", return sysfs_emit(buf, "%s%s%s%s%s%s%s\n",
spectre_v2_strings[spectre_v2_enabled], spectre_v2_strings[spectre_v2_enabled],
ibpb_state(), ibpb_state(),
boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
stibp_state(), stibp_state(),
boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",
pbrsb_eibrs_state(), pbrsb_eibrs_state(),
spectre_v2_module_string()); spectre_v2_module_string());
} }
static ssize_t srbds_show_state(char *buf) static ssize_t srbds_show_state(char *buf)
{ {
return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]); return sysfs_emit(buf, "%s\n", srbds_strings[srbds_mitigation]);
} }
static ssize_t retbleed_show_state(char *buf) static ssize_t retbleed_show_state(char *buf)
{ {
if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET || if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET ||
retbleed_mitigation == RETBLEED_MITIGATION_IBPB) { retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD && if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
boot_cpu_data.x86_vendor != X86_VENDOR_HYGON) boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
return sprintf(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n"); return sysfs_emit(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n");
return sprintf(buf, "%s; SMT %s\n", return sysfs_emit(buf, "%s; SMT %s\n", retbleed_strings[retbleed_mitigation],
retbleed_strings[retbleed_mitigation], !sched_smt_active() ? "disabled" :
!sched_smt_active() ? "disabled" : spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT || spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ?
spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ? "enabled with STIBP protection" : "vulnerable");
"enabled with STIBP protection" : "vulnerable");
} }
return sprintf(buf, "%s\n", retbleed_strings[retbleed_mitigation]); return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
} }
static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
char *buf, unsigned int bug) char *buf, unsigned int bug)
{ {
if (!boot_cpu_has_bug(bug)) if (!boot_cpu_has_bug(bug))
return sprintf(buf, "Not affected\n"); return sysfs_emit(buf, "Not affected\n");
switch (bug) { switch (bug) {
case X86_BUG_CPU_MELTDOWN: case X86_BUG_CPU_MELTDOWN:
if (boot_cpu_has(X86_FEATURE_PTI)) if (boot_cpu_has(X86_FEATURE_PTI))
return sprintf(buf, "Mitigation: PTI\n"); return sysfs_emit(buf, "Mitigation: PTI\n");
if (hypervisor_is_type(X86_HYPER_XEN_PV)) if (hypervisor_is_type(X86_HYPER_XEN_PV))
return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n"); return sysfs_emit(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n");
break; break;
case X86_BUG_SPECTRE_V1: case X86_BUG_SPECTRE_V1:
return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]); return sysfs_emit(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]);
case X86_BUG_SPECTRE_V2: case X86_BUG_SPECTRE_V2:
return spectre_v2_show_state(buf); return spectre_v2_show_state(buf);
case X86_BUG_SPEC_STORE_BYPASS: case X86_BUG_SPEC_STORE_BYPASS:
return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); return sysfs_emit(buf, "%s\n", ssb_strings[ssb_mode]);
case X86_BUG_L1TF: case X86_BUG_L1TF:
if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV)) if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV))
...@@ -2437,7 +2436,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr ...@@ -2437,7 +2436,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
break; break;
} }
return sprintf(buf, "Vulnerable\n"); return sysfs_emit(buf, "Vulnerable\n");
} }
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
......
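Review bot: The *_show_state() helpers and cpu_show_common() now rely on sysfs_emit()'s precondition that `buf` is the page-aligned start of the sysfs buffer, and nothing in these hunks records that for future callers. sysfs_emit() bounds the output to PAGE_SIZE, but it warns and returns 0 when handed a NULL or non-page-aligned pointer, so a helper later reused to append into a partly filled buffer would emit nothing. I would add a comment above cpu_show_common() such as `/* buf must be the PAGE_SIZE sysfs buffer handed to the ->show() callback; use sysfs_emit_at() to append */`. Separately, in retbleed_show_state() the reflowed nested conditional leaves the inner `? :` unparenthesised, unlike the one in mds_show_state(); wrapping it in parentheses would keep the precedence obvious to the next reader. cpu_show_common() continues outside the visible hunks, so callers that pass `buf` on to other helpers there could not be checked from this page.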