summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorHoward Zhang <howard.zhang@arm.com>2021-03-31 18:31:59 +0800
committerHoward Zhang <howard.zhang@arm.com>2021-04-01 10:56:33 +0800
commit73679fae2a74697f26aedf9c5d219368bd4de469 (patch)
tree57de9ed87ea6226c5a868beb6a2669d6c8450577
parent8a2f7e716dcc62f04d2808e8ade34941c94fc956 (diff)
Disable mitigate and related test on ARM64
As MDS side channel attack does not affect ARM64, we disable mitigate on ARM64 in case misusage. For more detail, please refer to: https://access.redhat.com/security/vulnerabilities/mds Signed-off-by: Howard Zhang <howard.zhang@arm.com>
-rw-r--r--runsc/cmd/mitigate.go6
-rw-r--r--runsc/cmd/mitigate_test.go2
-rw-r--r--runsc/mitigate/mitigate_test.go2
3 files changed, 10 insertions, 0 deletions
diff --git a/runsc/cmd/mitigate.go b/runsc/cmd/mitigate.go
index fddf0e0dd..720141aa5 100644
--- a/runsc/cmd/mitigate.go
+++ b/runsc/cmd/mitigate.go
@@ -18,6 +18,7 @@ import (
"context"
"fmt"
"io/ioutil"
+ "runtime"
"github.com/google/subcommands"
"gvisor.dev/gvisor/pkg/log"
@@ -71,6 +72,11 @@ func (m *Mitigate) SetFlags(f *flag.FlagSet) {
// Execute implements subcommands.Command.Execute.
func (m *Mitigate) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus {
+ if runtime.GOARCH == "arm64" || runtime.GOARCH == "arm" {
+ log.Warningf("As ARM is not affected by MDS, mitigate does not support")
+ return subcommands.ExitFailure
+ }
+
if f.NArg() != 0 {
f.Usage()
return subcommands.ExitUsageError
diff --git a/runsc/cmd/mitigate_test.go b/runsc/cmd/mitigate_test.go
index 163fece42..54211ce32 100644
--- a/runsc/cmd/mitigate_test.go
+++ b/runsc/cmd/mitigate_test.go
@@ -12,6 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+// +build amd64
+
package cmd
import (
diff --git a/runsc/mitigate/mitigate_test.go b/runsc/mitigate/mitigate_test.go
index fbd8eb886..bd5a2433f 100644
--- a/runsc/mitigate/mitigate_test.go
+++ b/runsc/mitigate/mitigate_test.go
@@ -12,6 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+// +build amd64
+
package mitigate
import (