[SRU][Xenial][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Juerg Haefliger juerg.haefliger at canonical.com
Wed Nov 21 13:58:28 UTC 2018


This patchset cleans up the Ubuntu-specific IBRS and IBPB runtime controls.
The runtime controls from the embargoed patches are messy and spread all
over the place. These patches consolidate the modifications into the
proper places (commandline options in arch/x86/kernel/cpu/bugs.c instead of
kernel/smp.c, speculation macros in arch/x86/include/asm/nospec-branch.h
instead of open-coded) and merge them with the additional spectre-related
changes that went in recently.

In addition, the 2nd patch adds an entry to
/sys/devices/system/cpu/vulnerabilities/spectre_v2 when IBRS is enabled
via procfs to return the full set of enabled mitigations.

Compile-tested all architectures. Ran release tests to verify no
regression is introduced. Fiddled with the ibrs_enabled and ibpb_enabled
procfs controls to verify proper behaviour.

Signed-off-by: Juerg Haefliger <juergh at canonical.com>


Juerg Haefliger (3):
  UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
  UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
  UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

 arch/x86/include/asm/mwait.h         |   6 +-
 arch/x86/include/asm/nospec-branch.h |  28 +++-
 arch/x86/include/asm/spec_ctrl.h     |  11 +-
 arch/x86/kernel/cpu/amd.c            |   5 +-
 arch/x86/kernel/cpu/bugs.c           |  87 +++++++-----
 arch/x86/kernel/cpu/microcode/core.c |  23 ---
 arch/x86/kernel/process.c            |  10 +-
 arch/x86/kernel/smpboot.c            |   6 +-
 arch/x86/kvm/svm.c                   |   6 +-
 arch/x86/kvm/vmx.c                   |   3 +-
 arch/x86/lib/delay.c                 |   8 +-
 arch/x86/mm/tlb.c                    |   2 +-
 include/linux/smp.h                  |  83 -----------
 kernel/smp.c                         |  46 ------
 kernel/sysctl.c                      | 201 ++++++++++++++++-----------
 15 files changed, 223 insertions(+), 302 deletions(-)

-- 
2.19.1



