diff options
author | Howard Zhang <howard.zhang@arm.com> | 2021-03-31 18:31:59 +0800 |
---|---|---|
committer | Howard Zhang <howard.zhang@arm.com> | 2021-04-01 10:56:33 +0800 |
commit | 73679fae2a74697f26aedf9c5d219368bd4de469 (patch) | |
tree | 57de9ed87ea6226c5a868beb6a2669d6c8450577 | |
parent | 8a2f7e716dcc62f04d2808e8ade34941c94fc956 (diff) |
Disable mitigate and related test on ARM64
As MDS side channel attack does not affect ARM64, we disable
mitigate on ARM64 in case misusage.
For more detail, please refer to:
https://access.redhat.com/security/vulnerabilities/mds
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
-rw-r--r-- | runsc/cmd/mitigate.go | 6 | ||||
-rw-r--r-- | runsc/cmd/mitigate_test.go | 2 | ||||
-rw-r--r-- | runsc/mitigate/mitigate_test.go | 2 |
3 files changed, 10 insertions, 0 deletions
diff --git a/runsc/cmd/mitigate.go b/runsc/cmd/mitigate.go index fddf0e0dd..720141aa5 100644 --- a/runsc/cmd/mitigate.go +++ b/runsc/cmd/mitigate.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "io/ioutil" + "runtime" "github.com/google/subcommands" "gvisor.dev/gvisor/pkg/log" @@ -71,6 +72,11 @@ func (m *Mitigate) SetFlags(f *flag.FlagSet) { // Execute implements subcommands.Command.Execute. func (m *Mitigate) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { + if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" { + log.Warningf("As ARM is not affected by MDS, mitigate does not support") + return subcommands.ExitFailure + } + if f.NArg() != 0 { f.Usage() return subcommands.ExitUsageError diff --git a/runsc/cmd/mitigate_test.go b/runsc/cmd/mitigate_test.go index 163fece42..54211ce32 100644 --- a/runsc/cmd/mitigate_test.go +++ b/runsc/cmd/mitigate_test.go @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +// +build amd64 + package cmd import ( diff --git a/runsc/mitigate/mitigate_test.go b/runsc/mitigate/mitigate_test.go index fbd8eb886..bd5a2433f 100644 --- a/runsc/mitigate/mitigate_test.go +++ b/runsc/mitigate/mitigate_test.go @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +// +build amd64 + package mitigate import ( |