ACK/cmnt: [SRU xenial/linux] switch Spectre V2 mitigation to retpoline

Andy Whitcroft apw at canonical.com
Mon Feb 5 15:48:04 UTC 2018


On Mon, Feb 05, 2018 at 04:17:33PM +0100, Kleber Souza wrote:
> On 02/05/18 10:40, Andy Whitcroft wrote:
> > Now that retpoline has made it to stable it is appropriate we switch
> > over to this for mitigation of Spectre V2.  This form is meant to have a
> > significantly lower performance penalty, and also does not require
> > microcode support from the processor.
> > 
> > This is a large patchset as it has to revert the existing mitigations for
> > Spectre V1 and V2 as these are intertwined.  We take advantage of this
> > to reapply a slightly updated Spectre V1 mitigation and to more clearly
> > identify those patches for when they are themselves replaced by final
> > upstream versions.
> > 
> > The patches are split into 3 sections, each set has been marked up such
> > that they fall out separately in the Ubuntu change (which is included in
> > the pull request at the end of this email).
> > 
> >   * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
> >   * CVE-2017-5715 (Spectre v2 retpoline)
> >   * CVE-2017-5753 (Spectre v1 Intel)
> > 
> > Full pull-request is below.  Proposing for SRU to xenial/linux.
> > 
> > -apw
> > 
> > The following changes since commit 63da13a92f24468262daef38150e069b908c3659:
> > 
> >   net: ipv4: fix for a race condition in raw_sendmsg (2018-02-02 15:01:03 +0100)
> > 
> > are available in the Git repository at:
> > 
> >   https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/xenial-retpoline-intelv1--pull
> > 
> > for you to fetch changes up to 2a7816e589e90e580390022c73c30a775a16b49c:
> > 
> >   arm: no osb() implementation yet (2018-02-04 15:11:02 +0000)
> 
> 2a7816e589e90e580390022c73c30a775a16b49c is not reachable from
> pti/xenial-retpoline-intelv1--pull, it seems to be
> e267f1d0fc458cab3470fa54a6d573e2cb1994e5 instead.
> 
> If that's the case:
> 
> Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>

That is indeed the correct updated sha1.  I added the commit to disable
the retpoline checks and slid it down and into the middle.  Derp.

-apw



