ACK/cmnt: [SRU][Xenial][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Kleber Souza kleber.souza at canonical.com
Wed Nov 28 15:02:02 UTC 2018


On 11/21/18 2:58 PM, Juerg Haefliger wrote:
> This patchset cleans up the Ubuntu-specific IBRS and IBPB runtime controls.
> The runtime controls from the embargoed patches are messy and spread all
> over the place. These patches consolidate the modifications into the
> proper places (commandline options in arch/x86/kernel/cpu/bugs.c instead of
> kernel/smp.c, speculation macros in arch/x86/include/asm/nospec-branch.h
> instead of open-coded) and merge them with the additional spectre-related
> changes that went in recently.
>
> In addition, the 2nd patch adds an entry to
> /sys/devices/system/cpu/vulnerabilities/spectre_v2 when IBRS is enabled
> via procfs to return the full set of enabled mitigations.
>
> Compile-tested all architectures. Ran release tests to verify no
> regression is introduced. Fiddled with the ibrs_enabled and ibpb_enabled
> procfs controls to verify proper behaviour.
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
>
>
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
>
>  arch/x86/include/asm/mwait.h         |   6 +-
>  arch/x86/include/asm/nospec-branch.h |  28 +++-
>  arch/x86/include/asm/spec_ctrl.h     |  11 +-
>  arch/x86/kernel/cpu/amd.c            |   5 +-
>  arch/x86/kernel/cpu/bugs.c           |  87 +++++++-----
>  arch/x86/kernel/cpu/microcode/core.c |  23 ---
>  arch/x86/kernel/process.c            |  10 +-
>  arch/x86/kernel/smpboot.c            |   6 +-
>  arch/x86/kvm/svm.c                   |   6 +-
>  arch/x86/kvm/vmx.c                   |   3 +-
>  arch/x86/lib/delay.c                 |   8 +-
>  arch/x86/mm/tlb.c                    |   2 +-
>  include/linux/smp.h                  |  83 -----------
>  kernel/smp.c                         |  46 ------
>  kernel/sysctl.c                      | 201 ++++++++++++++++-----------
>  15 files changed, 223 insertions(+), 302 deletions(-)
>
Given the missing CVE reference is fixed on the last patch:

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>



