NACK: [SRU][Bionic][PULL] Update speculation side-channel mitigations
Khaled Elmously
khalid.elmously at canonical.com
Thu Mar 28 06:05:34 UTC 2019
Thank you! :)
On 2019-03-27 15:28:44 , Tyler Hicks wrote:
> I'm going to send an updated, cleaned up pull request so ignore this one
> and all of the followup patches in this thread.
>
> Tyler
>
> On 2019-03-25 04:58:37, Tyler Hicks wrote:
> > Update the speculation side-channel mitigations to match recent upstream
> > changes in order to get userspace to userspace protections for Spectre Variant
> > 2, a few minor fixes for SSBD, and one that touches code related to Meltdown
> > changes.
> >
> > STIBP mode will be used conditionally. It will not be used on non-SMT systems.
> > It will be used on SMT systems to protect processes that have seccomp filters
> > loaded or processes that have used prctl() and the newly defined
> > PR_SPEC_INDIRECT_BRANCH argument to opt into STIBP protection.
> >
> > Indirect Branch Prediction Barrier (IBPB) will also be used conditionally when
> > switching between different userspace tasks and one of the tasks has a seccomp filter loaded or has used prctl() to opt into protection.
> >
> > I've tested these patches on SMT and non-SMT systems that I've been using for
> > several days without any issues. I've also run the x86 selftests. Additionally,
> > I verified that loading a seccomp filter and/or opting into the mitigations via
> > prctl() correctly enables STIBP mode on the SMT system. Finally, I verified
> > that the dmesg and /sys/devices/system/cpu/vulnerabilities/* files report the
> > correct status when using the "nospectre_v2", "spectre_v2=off",
> > "spectre_v2_user=seccomp,ibpb", "spectre_v2_user=on", and
> > "spectre_v2_user=off" kernel command line options.
> >
> > All but three of the patches were clean cherry-picks. The three that required
> > backporting were simple backports. These patches have all been applied to
> > various linux-stable trees.
> >
> > The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:
> >
> > UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)
> >
> > are available in the git repository at:
> >
> > https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation
> >
> > for you to fetch changes up to c50e39ffc134b9db8b3f8ee97bf6935f5e11d22a:
> >
> > x86/speculation: Provide IBPB always command line options (2019-03-15 18:33:39 +0000)
> >
> > ----------------------------------------------------------------
> > Andi Kleen (1):
> > x86/spectre: Add missing family 6 check to microcode check
> >
> > Andy Lutomirski (1):
> > x86/nmi: Fix NMI uaccess race against CR3 switching
> >
> > Arnaldo Carvalho de Melo (1):
> > tools headers: Synchronize prctl.h ABI header
> >
> > Jiri Kosina (3):
> > x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
> > x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
> > x86/speculation: Propagate information about RSB filling mitigation to sysfs
> >
> > Konrad Rzeszutek Wilk (3):
> > x86/bugs: Add AMD's variant of SSB_NO
> > x86/bugs: Add AMD's SPEC_CTRL MSR usage
> > x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
> >
> > Peter Zijlstra (Intel) (1):
> > sched/smt: Make sched_smt_present track topology
> >
> > Thomas Gleixner (22):
> > KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
> > x86/speculation: Rename SSBD update functions
> > x86/Kconfig: Select SCHED_SMT if SMP enabled
> > sched/smt: Expose sched_smt_present static key
> > x86/speculation: Rework SMT state change
> > x86/l1tf: Show actual SMT state
> > x86/speculation: Reorder the spec_v2 code
> > x86/speculation: Mark string arrays const correctly
> > x86/speculataion: Mark command line parser data __initdata
> > x86/speculation: Unify conditional spectre v2 print functions
> > x86/speculation: Add command line control for indirect branch speculation
> > x86/process: Consolidate and simplify switch_to_xtra() code
> > x86/speculation: Avoid __switch_to_xtra() calls
> > x86/speculation: Prepare for conditional IBPB in switch_mm()
> > ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
> > x86/speculation: Split out TIF update
> > x86/speculation: Prevent stale SPEC_CTRL msr content
> > x86/speculation: Prepare arch_smt_update() for PRCTL mode
> > x86/speculation: Add prctl() control for indirect branch speculation
> > x86/speculation: Enable prctl mode for spectre_v2_user
> > x86/speculation: Add seccomp Spectre v2 user space protection mode
> > x86/speculation: Provide IBPB always command line options
> >
> > Tim Chen (7):
> > x86/speculation: Update the TIF_SSBD comment
> > x86/speculation: Clean up spectre_v2_parse_cmdline()
> > x86/speculation: Remove unnecessary ret variable in cpu_show_common()
> > x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
> > x86/speculation: Disable STIBP when enhanced IBRS is in use
> > x86/speculation: Reorganize speculation control MSRs update
> > x86/speculation: Prepare for per task indirect branch speculation control
> >
> > Tom Lendacky (2):
> > x86/bugs: Update when to check for the LS_CFG SSBD mitigation
> > x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
> >
> > Zhenzhong Duan (3):
> > x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
> > x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
> > x86/retpoline: Remove minimal retpoline support
> >
> > Documentation/admin-guide/kernel-parameters.txt | 56 ++-
> > Documentation/userspace-api/spec_ctrl.rst | 9 +
> > arch/x86/Kconfig | 12 +-
> > arch/x86/Makefile | 5 +-
> > arch/x86/events/core.c | 2 +-
> > arch/x86/include/asm/cpufeatures.h | 2 +
> > arch/x86/include/asm/msr-index.h | 5 +-
> > arch/x86/include/asm/nospec-branch.h | 43 +-
> > arch/x86/include/asm/spec-ctrl.h | 20 +-
> > arch/x86/include/asm/switch_to.h | 3 -
> > arch/x86/include/asm/thread_info.h | 20 +-
> > arch/x86/include/asm/tlbflush.h | 48 ++-
> > arch/x86/kernel/cpu/amd.c | 4 +-
> > arch/x86/kernel/cpu/bugs.c | 510 +++++++++++++++++++-----
> > arch/x86/kernel/cpu/common.c | 9 +-
> > arch/x86/kernel/cpu/intel.c | 3 +
> > arch/x86/kernel/process.c | 101 ++++-
> > arch/x86/kernel/process.h | 39 ++
> > arch/x86/kernel/process_32.c | 10 +-
> > arch/x86/kernel/process_64.c | 10 +-
> > arch/x86/kvm/cpuid.c | 10 +-
> > arch/x86/kvm/svm.c | 16 +-
> > arch/x86/lib/usercopy.c | 5 +
> > arch/x86/mm/tlb.c | 120 ++++--
> > include/linux/ptrace.h | 4 +-
> > include/linux/sched.h | 9 +
> > include/linux/sched/smt.h | 20 +
> > include/uapi/linux/prctl.h | 1 +
> > kernel/cpu.c | 14 +-
> > kernel/sched/core.c | 19 +-
> > kernel/sched/sched.h | 4 +-
> > scripts/Makefile.build | 2 -
> > tools/include/uapi/linux/prctl.h | 13 +
> > 33 files changed, 916 insertions(+), 232 deletions(-)
> > create mode 100644 arch/x86/kernel/process.h
> > create mode 100644 include/linux/sched/smt.h
>
>
>
> > --
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
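The per-task opt-in that Tyler's cover letter describes, as an added example that is not part of this thread or of the Ubuntu kernel tree: a C program that queries the calling task's indirect branch speculation status and opts it into the conditional STIBP/IBPB protection through prctl() with the PR_SPEC_INDIRECT_BRANCH argument, decoding the status flags documented in Documentation/userspace-api/spec_ctrl.rst. The status strings and the fallback macro block are this example's own additions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* From include/uapi/linux/prctl.h; only for build hosts whose headers predate them. */
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_INDIRECT_BRANCH 1
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#endif

/* Decode a PR_GET_SPECULATION_CTRL result for PR_SPEC_INDIRECT_BRANCH. The flags
 * describe the speculation feature, so PR_SPEC_DISABLE means "mitigated". */
const char *ib_status_str(long v)
{
    if (v < 0) return "error";
    if (v == PR_SPEC_NOT_AFFECTED) return "not affected";
    if (!(v & PR_SPEC_PRCTL))  /* no per-task control: strict mode or mitigation off */
        return (v & PR_SPEC_DISABLE) ? "mitigated (strict)" : "unmitigated (off)";
    if (v & PR_SPEC_DISABLE) return "mitigated (opted in)";
    return "unmitigated (opt-in available)";
}

/* Status of the calling task; a negative result is -errno. */
long ib_query(void)
{
    long v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return v < 0 ? -errno : v;
}

/* Opt the calling task into STIBP/IBPB protection, the explicit equivalent of what
 * loading a seccomp filter does in seccomp mode. Returns 0 or -errno (for example
 * -EINVAL on a kernel that does not implement this control). */
int ib_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0)) return -errno;
    return 0;
}

int main(void)
{
    printf("before: %s\n", ib_status_str(ib_query()));
    int rc = ib_opt_in();
    printf("opt-in: %s\nafter:  %s\n", rc ? strerror(-rc) : "ok", ib_status_str(ib_query()));
}
```

On a system booted with spectre_v2_user=prctl or spectre_v2_user=seccomp the "after" line should move from "unmitigated (opt-in available)" to "mitigated (opted in)"; in strict or off modes the request is either redundant or refused.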