ACK: [SRU][Bionic][PULL v2] Update speculation side-channel mitigations

Stefan Bader stefan.bader at canonical.com
Thu Mar 28 15:00:40 UTC 2019


On 27.03.19 21:31, Tyler Hicks wrote:
> This is a cleaned up (followup patches applied and ACKs gathered) and
> ready-to-pull revision of this thread:
> 
>   https://lists.ubuntu.com/archives/kernel-team/2019-March/099462.html
> 
> The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:
> 
>   UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)
> 
> are available in the git repository at:
> 
>   https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation-v2
> 
> for you to fetch changes up to d8ef5c02ffcf43739ce5eb0048cfd87ffde04aa6:
> 
>   x86/speculation: Simplify the CPU bug detection logic (2019-03-27 19:58:24 +0000)
> 
> ----------------------------------------------------------------
> Andi Kleen (1):
>       x86/spectre: Add missing family 6 check to microcode check
> 
> Andy Lutomirski (1):
>       x86/nmi: Fix NMI uaccess race against CR3 switching
> 
> Arnaldo Carvalho de Melo (1):
>       tools headers: Synchronize prctl.h ABI header
> 
> Dominik Brodowski (1):
>       x86/speculation: Simplify the CPU bug detection logic
> 
> Jim Mattson (1):
>       kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
> 
> Jiri Kosina (3):
>       x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
>       x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
>       x86/speculation: Propagate information about RSB filling mitigation to sysfs
> 
> Konrad Rzeszutek Wilk (3):
>       x86/bugs: Add AMD's variant of SSB_NO
>       x86/bugs: Add AMD's SPEC_CTRL MSR usage
>       x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
> 
> Martin Schwidefsky (1):
>       s390: remove closung punctuation from spectre messages
> 
> Peter Zijlstra (Intel) (1):
>       sched/smt: Make sched_smt_present track topology
> 
> Thomas Gleixner (22):
>       KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
>       x86/speculation: Rename SSBD update functions
>       x86/Kconfig: Select SCHED_SMT if SMP enabled
>       sched/smt: Expose sched_smt_present static key
>       x86/speculation: Rework SMT state change
>       x86/l1tf: Show actual SMT state
>       x86/speculation: Reorder the spec_v2 code
>       x86/speculation: Mark string arrays const correctly
>       x86/speculataion: Mark command line parser data __initdata
>       x86/speculation: Unify conditional spectre v2 print functions
>       x86/speculation: Add command line control for indirect branch speculation
>       x86/process: Consolidate and simplify switch_to_xtra() code
>       x86/speculation: Avoid __switch_to_xtra() calls
>       x86/speculation: Prepare for conditional IBPB in switch_mm()
>       ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
>       x86/speculation: Split out TIF update
>       x86/speculation: Prevent stale SPEC_CTRL msr content
>       x86/speculation: Prepare arch_smt_update() for PRCTL mode
>       x86/speculation: Add prctl() control for indirect branch speculation
>       x86/speculation: Enable prctl mode for spectre_v2_user
>       x86/speculation: Add seccomp Spectre v2 user space protection mode
>       x86/speculation: Provide IBPB always command line options
> 
> Thomas Lendacky (1):
>       x86/speculation: Add support for STIBP always-on preferred mode
> 
> Tim Chen (7):
>       x86/speculation: Update the TIF_SSBD comment
>       x86/speculation: Clean up spectre_v2_parse_cmdline()
>       x86/speculation: Remove unnecessary ret variable in cpu_show_common()
>       x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
>       x86/speculation: Disable STIBP when enhanced IBRS is in use
>       x86/speculation: Reorganize speculation control MSRs update
>       x86/speculation: Prepare for per task indirect branch speculation control
> 
> Tom Lendacky (2):
>       x86/bugs: Update when to check for the LS_CFG SSBD mitigation
>       x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
> 
> WANG Chao (1):
>       x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
> 
> Waiman Long (1):
>       x86/speculation: Change misspelled STIPB to STIBP
> 
> Zhenzhong Duan (3):
>       x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
>       x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
>       x86/retpoline: Remove minimal retpoline support
> 
>  Documentation/admin-guide/kernel-parameters.txt |  56 ++-
>  Documentation/userspace-api/spec_ctrl.rst       |   9 +
>  arch/s390/kernel/nospec-branch.c                |   4 +-
>  arch/x86/Kconfig                                |  12 +-
>  arch/x86/Makefile                               |   5 +-
>  arch/x86/events/core.c                          |   2 +-
>  arch/x86/include/asm/cpufeatures.h              |   3 +
>  arch/x86/include/asm/msr-index.h                |   5 +-
>  arch/x86/include/asm/nospec-branch.h            |  44 +-
>  arch/x86/include/asm/spec-ctrl.h                |  20 +-
>  arch/x86/include/asm/switch_to.h                |   3 -
>  arch/x86/include/asm/thread_info.h              |  20 +-
>  arch/x86/include/asm/tlbflush.h                 |  48 ++-
>  arch/x86/kernel/cpu/amd.c                       |   4 +-
>  arch/x86/kernel/cpu/bugs.c                      | 528 +++++++++++++++++++-----
>  arch/x86/kernel/cpu/common.c                    |  31 +-
>  arch/x86/kernel/cpu/intel.c                     |   3 +
>  arch/x86/kernel/process.c                       | 101 ++++-
>  arch/x86/kernel/process.h                       |  39 ++
>  arch/x86/kernel/process_32.c                    |  10 +-
>  arch/x86/kernel/process_64.c                    |  10 +-
>  arch/x86/kvm/cpuid.c                            |  10 +-
>  arch/x86/kvm/svm.c                              |  36 +-
>  arch/x86/lib/usercopy.c                         |   5 +
>  arch/x86/mm/tlb.c                               | 120 ++++--
>  include/linux/compiler-gcc.h                    |   2 +-
>  include/linux/module.h                          |   2 +-
>  include/linux/ptrace.h                          |   4 +-
>  include/linux/sched.h                           |   9 +
>  include/linux/sched/smt.h                       |  20 +
>  include/uapi/linux/prctl.h                      |   1 +
>  kernel/cpu.c                                    |  14 +-
>  kernel/sched/core.c                             |  19 +-
>  kernel/sched/sched.h                            |   4 +-
>  scripts/Makefile.build                          |   2 -
>  scripts/mod/modpost.c                           |   2 +-
>  tools/include/uapi/linux/prctl.h                |  13 +
>  37 files changed, 962 insertions(+), 258 deletions(-)
>  create mode 100644 arch/x86/kernel/process.h
>  create mode 100644 include/linux/sched/smt.h
> 
Repeating ack (should be included in pull)

Acked-by: Stefan Bader <stefan.bader at canonical.com>
