ACK/cmnt: [SRU][Trusty][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)
kleber.souza at canonical.com
Wed Nov 28 15:05:09 UTC 2018
On 11/21/18 6:31 PM, Juerg Haefliger wrote:
> This is the second round of IBPB/IBRS runtime control cleanups for Trusty.
> With this, Trusty matches Xenial. The introduced fuctional changes are:
> - Write every IBPB and IBRS state change to the kernel log.
> - Return an error if the user tries to enable IBRS or IBPB on HW that
> doesn't support it.
> - Expose the IBRS state through sysfs.
> Compile-tested all architectures.
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> Juerg Haefliger (3):
> UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
> UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
> UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
> arch/x86/include/asm/nospec-branch.h | 12 +++--
> arch/x86/include/asm/spec_ctrl.h | 3 ++
> arch/x86/kernel/acpi/cstate.c | 4 +-
> arch/x86/kernel/cpu/bugs.c | 69 ++++++++++++++--------------
> arch/x86/kernel/process.c | 6 +--
> arch/x86/kernel/smpboot.c | 4 +-
> kernel/sysctl.c | 61 ++++++++++++++----------
> 7 files changed, 88 insertions(+), 71 deletions(-)
With the fixed CVE reference fixed on the last patch:
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
More information about the kernel-team