APPLIED[L/J/F]: [SRU Focal,Jammy,OEM-6.1,Lunar 0/3] CVE-2023-20588

Stefan Bader stefan.bader at canonical.com
Thu Aug 31 08:48:31 UTC 2023 

On 30.08.23 16:38, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
>   A division-by-zero error on some AMD processors can potentially return
>   speculative data resulting in loss of confidentiality.
> 
> [Backport]
> There were some minimal conflicts resulting in this being backported before
> the SRSO mitigation.
> 
> But for 5.4 kernels, the entry code has been changed. And instead of
> adopting those changes and introducing new code here, I opted to not touch
> that divide error entry code since the added function call added in the
> second patch is removed in the third patch. Then, the places where it is
> called have moved and I had to manually place them in their equivalent
> spots.
> 
> [Test case]
> The test case here was looking at dmesg for the following line in one
> affected part:
> 
> "AMD Zen1 DIV0 bug detected. Disable SMT for full protection."
> 
> I also tested that an integer division by zero in userspace doesn't cause
> any crashes or hiccups in the kernel.
> 
> [Potential regression]
> Booting on affected parts may be affected. Kernel exit and SVM may be
> affected too. Also CPU vulnerability reporting may be affected.
> 
> Borislav Petkov (AMD) (3):
>    x86/bugs: Increase the x86 bugs vector size to two u32s
>    x86/CPU/AMD: Do not leak quotient data after a division by 0
>    x86/CPU/AMD: Fix the DIV(0) initial fix attempt
> 
>   arch/x86/entry/common.c                  |  1 +
>   arch/x86/include/asm/cpufeatures.h       |  4 +++-
>   arch/x86/include/asm/processor.h         |  2 ++
>   arch/x86/kernel/cpu/amd.c                | 20 ++++++++++++++++++++
>   arch/x86/kvm/svm.c                       |  2 ++
>   tools/arch/x86/include/asm/cpufeatures.h |  2 +-
>   6 files changed, 29 insertions(+), 2 deletions(-)
> 

Applied to lunar,jammy,focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230831/3d90e7bc/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230831/3d90e7bc/attachment-0001.sig>

More information about the kernel-team mailing list