action #37625
closed
[kernel] Check for spectre/meltdown vulnerabilities
Added by okurz almost 6 years ago.
Updated over 4 years ago.
Description
AFAIU we can check for some critical vulnerabilities by checking the /sys tree, e.g.
$ cat /sys/devices/system/cpu/vulnerabilities/*
Mitigation: PTI
Vulnerable
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB, IBRS_FW
Should we create an openQA test around that?
- Status changed from New to Rejected
All this tells us is that the hardware is vulnerable and what mitigations are configured. It doesn't tell us if the kernel is actually vulnerable or not. For that we have tests in the LTP which try to reproduce the vulnerabilities. These are complex and require collaboration upstream.
We could check that this message is printed out for vulnerable hardware, but this is likely just to create noise when the message changes and it doesn't tell us if the mitigations are actually working. Also there are many, far easier to exploit, software bugs which need attention. See https://github.com/linux-test-project/ltp/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+label%3Areproducer+
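Added example, not part of the original ticket and not openQA or LTP code: a POSIX shell sketch of the sysfs check discussed above that keeps each file name next to its status (which `cat *` loses) and sorts entries into classes. As the reply notes, this only reports what the kernel says about itself, not whether a mitigation works. The function names are hypothetical, the file names in the sample are assumed from the alphabetical order of the glob, and the `mds` line is a constructed extra entry.

```shell
#!/bin/sh
# vuln_report [DIR]: print "<class><TAB><name><TAB><status>" for each entry.
# Classes: vulnerable, mitigated, partial, not_affected, unknown.
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # directory missing or empty
        status=$(head -n 1 "$f" 2>/dev/null) || status=
        case $status in
            "Not affected"*)               class=not_affected ;;
            # a mitigation is active but the kernel still reports exposure
            "Mitigation:"*[Vv]ulnerable*)  class=partial ;;
            "Mitigation:"*)                class=mitigated ;;
            "Vulnerable"*)                 class=vulnerable ;;
            *)                             class=unknown ;;  # wording may change
        esac
        printf '%s\t%s\t%s\n' "$class" "${f##*/}" "$status"
    done
}

# vuln_count CLASS [DIR]: number of entries that fall into CLASS.
vuln_count() {
    vuln_report "$2" | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# write_sample DIR: constructed sample tree. The first four status lines are
# the output quoted in the ticket; the file names are assumed, mds is made up.
write_sample() {
    printf 'Mitigation: PTI\n' > "$1/meltdown"
    printf 'Vulnerable\n' > "$1/spec_store_bypass"
    printf 'Mitigation: __user pointer sanitization\n' > "$1/spectre_v1"
    printf 'Mitigation: Full generic retpoline, IBPB, IBRS_FW\n' > "$1/spectre_v2"
    printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' > "$1/mds"
}

# Demo on the constructed sample; call vuln_report with no argument
# to read the running system instead.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
vuln_report "$demo_dir"
rm -rf "$demo_dir"
```

Status strings that match none of the known prefixes land in `unknown` rather than failing, which keeps a check like this from breaking when the kernel's wording changes.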