[Acked] [SRU][Xenial][PATCH 0/3] Cleanups for CVE-2017-5715 (Spectre v2)

Andy Whitcroft apw at canonical.com
Fri Nov 30 12:00:55 UTC 2018


On Wed, Nov 21, 2018 at 02:58:28PM +0100, Juerg Haefliger wrote:
> This patchset cleans up the Ubuntu-specific IBRS and IBPB runtime controls.
> The runtime controls from the embargoed patches are messy and spread all
> over the place. These patches consolidate the modifications into the
> proper places (commandline options in arch/x86/kernel/cpu/bugs.c instead of
> kernel/smp.c, speculation macros in arch/x86/include/asm/nospec-branch.h
> instead of open-coded) and merge them with the additional spectre-related
> changes that went in recently.
> 
> In addition, the 2nd patch adds an entry to
> /sys/devices/system/cpu/vulnerabilities/spectre_v2 when IBRS is enabled
> via procfs to return the full set of enabled mitigations.
> 
> Compile-tested all architectures. Ran release tests to verify no
> regression is introduced. Fiddled with the ibrs_enabled and ibpb_enabled
> procfs controls to verify proper behaviour.
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> 
> 
> Juerg Haefliger (3):
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling
>   UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling
>   UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk
> 
>  arch/x86/include/asm/mwait.h         |   6 +-
>  arch/x86/include/asm/nospec-branch.h |  28 +++-
>  arch/x86/include/asm/spec_ctrl.h     |  11 +-
>  arch/x86/kernel/cpu/amd.c            |   5 +-
>  arch/x86/kernel/cpu/bugs.c           |  87 +++++++-----
>  arch/x86/kernel/cpu/microcode/core.c |  23 ---
>  arch/x86/kernel/process.c            |  10 +-
>  arch/x86/kernel/smpboot.c            |   6 +-
>  arch/x86/kvm/svm.c                   |   6 +-
>  arch/x86/kvm/vmx.c                   |   3 +-
>  arch/x86/lib/delay.c                 |   8 +-
>  arch/x86/mm/tlb.c                    |   2 +-
>  include/linux/smp.h                  |  83 -----------
>  kernel/smp.c                         |  46 ------
>  kernel/sysctl.c                      | 201 ++++++++++++++++-----------
>  15 files changed, 223 insertions(+), 302 deletions(-)
> 
> -- 

I assume we have some testing we can do on top to confirm these work on
the final kernels.  They look ok on face value and the desire is good.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw


