APPLIED: [SRU Focal][Pull] Retbleed IBRS mitigation

Stefan Bader stefan.bader at canonical.com
Thu Oct 6 14:04:37 UTC 2022 

On 05.10.22 20:43, Thadeu Lima de Souza Cascardo wrote:
> 
> This mitigates Retbleed on Intel parts that support IBRS. This has been
> submitted to upstream stable trees and has been boot and smoke tested on
> different AMD and Intel parts.
> 
> 
> The following changes since commit 616ded90414dbe3bf712ccc4d3fa4eb21d2bec37:
> 
>    ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (2022-10-05 16:29:09 +0200)
> 
> are available in the Git repository at:
> 
>    git://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/focal retbleed
> 
> for you to fetch changes up to cd16b9b58785af9492d00408a7078125e48ea75f:
> 
>    x86/speculation: Add RSB VM Exit protections (2022-10-05 15:13:06 -0300)
> 
> ----------------------------------------------------------------
> Alexandre Chartre (2):
>        x86/bugs: Report AMD retbleed vulnerability
>        x86/bugs: Add AMD retbleed= boot parameter
> 
> Andrew Cooper (1):
>        x86/cpu/amd: Enumerate BTC_NO
> 
> Daniel Sneddon (1):
>        x86/speculation: Add RSB VM Exit protections
> 
> Josh Poimboeuf (9):
>        x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
>        x86/speculation: Fix firmware entry SPEC_CTRL handling
>        x86/speculation: Fix SPEC_CTRL write on SMT state change
>        x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
>        x86/speculation: Remove x86_spec_ctrl_mask
>        KVM: VMX: Flatten __vmx_vcpu_run()
>        KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
>        KVM: VMX: Fix IBRS handling after vmexit
>        x86/speculation: Fill RSB on vmexit for IBRS
> 
> Mark Gross (1):
>        x86/cpu: Add a steppings field to struct x86_cpu_id
> 
> Nathan Chancellor (1):
>        x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
> 
> Pawan Gupta (4):
>        x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
>        x86/bugs: Add Cannon lake to RETBleed affected CPU list
>        x86/speculation: Disable RRSBA behavior
>        x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
> 
> Peter Zijlstra (11):
>        x86/kvm/vmx: Make noinstr clean
>        x86/cpufeatures: Move RETPOLINE flags to word 11
>        x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
>        x86/entry: Remove skip_r11rcx
>        x86/entry: Add kernel IBRS implementation
>        x86/bugs: Optimize SPEC_CTRL MSR writes
>        x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
>        x86/bugs: Report Intel retbleed vulnerability
>        intel_idle: Disable IBRS during long idle
>        x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
>        x86/common: Stamp out the stepping madness
> 
> Thadeu Lima de Souza Cascardo (3):
>        Revert "x86/speculation: Add RSB VM Exit protections"
>        Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
>        KVM: VMX: Convert launched argument to flags
> 
> Thomas Gleixner (2):
>        x86/devicetable: Move x86 specific macro out of generic code
>        x86/cpu: Add consistent CPU match macros
> 
> Uros Bizjak (2):
>        KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
>        KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
> 
>   Documentation/admin-guide/kernel-parameters.txt |  13 +
>   arch/x86/entry/calling.h                        |  68 ++++-
>   arch/x86/entry/entry_32.S                       |   2 -
>   arch/x86/entry/entry_64.S                       |  34 ++-
>   arch/x86/entry/entry_64_compat.S                |  11 +-
>   arch/x86/include/asm/cpu_device_id.h            | 132 ++++++++-
>   arch/x86/include/asm/cpufeatures.h              |  13 +-
>   arch/x86/include/asm/intel-family.h             |   6 +
>   arch/x86/include/asm/msr-index.h                |  10 +
>   arch/x86/include/asm/nospec-branch.h            |  54 ++--
>   arch/x86/kernel/cpu/amd.c                       |  21 +-
>   arch/x86/kernel/cpu/bugs.c                      | 365 +++++++++++++++++++-----
>   arch/x86/kernel/cpu/common.c                    |  61 ++--
>   arch/x86/kernel/cpu/match.c                     |  13 +-
>   arch/x86/kernel/cpu/scattered.c                 |   1 +
>   arch/x86/kernel/process.c                       |   2 +-
>   arch/x86/kvm/svm.c                              |   1 +
>   arch/x86/kvm/vmx/nested.c                       |  32 +--
>   arch/x86/kvm/vmx/run_flags.h                    |   8 +
>   arch/x86/kvm/vmx/vmenter.S                      | 161 +++++------
>   arch/x86/kvm/vmx/vmx.c                          |  72 +++--
>   arch/x86/kvm/vmx/vmx.h                          |   5 +
>   arch/x86/kvm/x86.c                              |   4 +-
>   drivers/base/cpu.c                              |   8 +
>   drivers/cpufreq/acpi-cpufreq.c                  |   1 +
>   drivers/cpufreq/amd_freq_sensitivity.c          |   1 +
>   drivers/idle/intel_idle.c                       |  43 ++-
>   include/linux/cpu.h                             |   2 +
>   include/linux/kvm_host.h                        |   2 +-
>   include/linux/mod_devicetable.h                 |   4 +-
>   tools/arch/x86/include/asm/cpufeatures.h        |   2 +-
>   31 files changed, 840 insertions(+), 312 deletions(-)
>   create mode 100644 arch/x86/kvm/vmx/run_flags.h
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221006/8a91601e/attachment.sig>

More information about the kernel-team mailing list