Commit 1d30800c authored by Borislav Petkov's avatar Borislav Petkov

x86/bugs: Use sysfs_emit()



Those mitigations are very talkative; use the printing helper which pays
attention to the buffer size.

Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220809153419.10182-1-bp@alien8.de
parent 9abf2313
+51 −52
@@ -2206,16 +2206,16 @@ static const char * const l1tf_vmx_states[] = {
static ssize_t l1tf_show_state(char *buf)
{
	if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO)
		return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG);
		return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG);

	if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED ||
	    (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER &&
	     sched_smt_active())) {
		return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG,
		return sysfs_emit(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG,
				  l1tf_vmx_states[l1tf_vmx_mitigation]);
	}

	return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG,
	return sysfs_emit(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG,
			  l1tf_vmx_states[l1tf_vmx_mitigation],
			  sched_smt_active() ? "vulnerable" : "disabled");
}
@@ -2224,40 +2224,40 @@ static ssize_t itlb_multihit_show_state(char *buf)
{
	if (!boot_cpu_has(X86_FEATURE_MSR_IA32_FEAT_CTL) ||
	    !boot_cpu_has(X86_FEATURE_VMX))
		return sprintf(buf, "KVM: Mitigation: VMX unsupported\n");
		return sysfs_emit(buf, "KVM: Mitigation: VMX unsupported\n");
	else if (!(cr4_read_shadow() & X86_CR4_VMXE))
		return sprintf(buf, "KVM: Mitigation: VMX disabled\n");
		return sysfs_emit(buf, "KVM: Mitigation: VMX disabled\n");
	else if (itlb_multihit_kvm_mitigation)
		return sprintf(buf, "KVM: Mitigation: Split huge pages\n");
		return sysfs_emit(buf, "KVM: Mitigation: Split huge pages\n");
	else
		return sprintf(buf, "KVM: Vulnerable\n");
		return sysfs_emit(buf, "KVM: Vulnerable\n");
}
#else
static ssize_t l1tf_show_state(char *buf)
{
	return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG);
	return sysfs_emit(buf, "%s\n", L1TF_DEFAULT_MSG);
}

static ssize_t itlb_multihit_show_state(char *buf)
{
	return sprintf(buf, "Processor vulnerable\n");
	return sysfs_emit(buf, "Processor vulnerable\n");
}
#endif

static ssize_t mds_show_state(char *buf)
{
	if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
		return sprintf(buf, "%s; SMT Host state unknown\n",
		return sysfs_emit(buf, "%s; SMT Host state unknown\n",
				  mds_strings[mds_mitigation]);
	}

	if (boot_cpu_has(X86_BUG_MSBDS_ONLY)) {
		return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
		return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
				  (mds_mitigation == MDS_MITIGATION_OFF ? "vulnerable" :
				   sched_smt_active() ? "mitigated" : "disabled"));
	}

	return sprintf(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
	return sysfs_emit(buf, "%s; SMT %s\n", mds_strings[mds_mitigation],
			  sched_smt_active() ? "vulnerable" : "disabled");
}

@@ -2265,14 +2265,14 @@ static ssize_t tsx_async_abort_show_state(char *buf)
{
	if ((taa_mitigation == TAA_MITIGATION_TSX_DISABLED) ||
	    (taa_mitigation == TAA_MITIGATION_OFF))
		return sprintf(buf, "%s\n", taa_strings[taa_mitigation]);
		return sysfs_emit(buf, "%s\n", taa_strings[taa_mitigation]);

	if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
		return sprintf(buf, "%s; SMT Host state unknown\n",
		return sysfs_emit(buf, "%s; SMT Host state unknown\n",
				  taa_strings[taa_mitigation]);
	}

	return sprintf(buf, "%s; SMT %s\n", taa_strings[taa_mitigation],
	return sysfs_emit(buf, "%s; SMT %s\n", taa_strings[taa_mitigation],
			  sched_smt_active() ? "vulnerable" : "disabled");
}

@@ -2341,16 +2341,16 @@ static char *pbrsb_eibrs_state(void)
static ssize_t spectre_v2_show_state(char *buf)
{
	if (spectre_v2_enabled == SPECTRE_V2_LFENCE)
		return sprintf(buf, "Vulnerable: LFENCE\n");
		return sysfs_emit(buf, "Vulnerable: LFENCE\n");

	if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())
		return sprintf(buf, "Vulnerable: eIBRS with unprivileged eBPF\n");
		return sysfs_emit(buf, "Vulnerable: eIBRS with unprivileged eBPF\n");

	if (sched_smt_active() && unprivileged_ebpf_enabled() &&
	    spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE)
		return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n");
		return sysfs_emit(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n");

	return sprintf(buf, "%s%s%s%s%s%s%s\n",
	return sysfs_emit(buf, "%s%s%s%s%s%s%s\n",
			  spectre_v2_strings[spectre_v2_enabled],
			  ibpb_state(),
			  boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
@@ -2362,7 +2362,7 @@ static ssize_t spectre_v2_show_state(char *buf)

static ssize_t srbds_show_state(char *buf)
{
	return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]);
	return sysfs_emit(buf, "%s\n", srbds_strings[srbds_mitigation]);
}

static ssize_t retbleed_show_state(char *buf)
@@ -2371,43 +2371,42 @@ static ssize_t retbleed_show_state(char *buf)
	    retbleed_mitigation == RETBLEED_MITIGATION_IBPB) {
		if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
		    boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
		    return sprintf(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n");
			return sysfs_emit(buf, "Vulnerable: untrained return thunk / IBPB on non-AMD based uarch\n");

	    return sprintf(buf, "%s; SMT %s\n",
			   retbleed_strings[retbleed_mitigation],
		return sysfs_emit(buf, "%s; SMT %s\n", retbleed_strings[retbleed_mitigation],
				  !sched_smt_active() ? "disabled" :
				  spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
				  spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ?
				  "enabled with STIBP protection" : "vulnerable");
	}

	return sprintf(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
	return sysfs_emit(buf, "%s\n", retbleed_strings[retbleed_mitigation]);
}

static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
			       char *buf, unsigned int bug)
{
	if (!boot_cpu_has_bug(bug))
		return sprintf(buf, "Not affected\n");
		return sysfs_emit(buf, "Not affected\n");

	switch (bug) {
	case X86_BUG_CPU_MELTDOWN:
		if (boot_cpu_has(X86_FEATURE_PTI))
			return sprintf(buf, "Mitigation: PTI\n");
			return sysfs_emit(buf, "Mitigation: PTI\n");

		if (hypervisor_is_type(X86_HYPER_XEN_PV))
			return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n");
			return sysfs_emit(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n");

		break;

	case X86_BUG_SPECTRE_V1:
		return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]);
		return sysfs_emit(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]);

	case X86_BUG_SPECTRE_V2:
		return spectre_v2_show_state(buf);

	case X86_BUG_SPEC_STORE_BYPASS:
		return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
		return sysfs_emit(buf, "%s\n", ssb_strings[ssb_mode]);

	case X86_BUG_L1TF:
		if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV))
@@ -2437,7 +2436,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
		break;
	}

	return sprintf(buf, "Vulnerable\n");
	return sysfs_emit(buf, "Vulnerable\n");
}

ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
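Review bot: The `*_show_state(char *buf)` helpers (l1tf_show_state, mds_show_state, spectre_v2_show_state and the others converted here) now carry an undocumented precondition, because sysfs_emit() only accepts the page-aligned start of a sysfs show() buffer; given any other pointer it WARNs and returns 0, where sprintf() would still have written the string. The calls visible here pass the show() buffer straight through cpu_show_common(), so the conversion looks correct, but nothing in the signatures states the requirement, and a later caller that writes at an offset would yield an empty attribute that tooling reading the mitigation state could misinterpret. I would add a short comment above cpu_show_common(), for example `/* buf must be the PAGE_SIZE sysfs show() buffer; sysfs_emit() rejects anything else */`, and direct offset writers to sysfs_emit_at(). Part of cpu_show_common() lies between the last two hunks and is not shown, so this is based on the visible calls only.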