ACK: [SRU PR Lunar] CVE-2023-20569 - AMD SRSO
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Sep 4 04:17:15 UTC 2023
On 01-09-2023 20:48, Thadeu Lima de Souza Cascardo wrote:
> The following changes since commit 0b1768b79aaefe01d0f9ecb0946fdac17d12d5b0:
>
> drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink disconnects (2023-09-01 12:30:54 +0200)
>
> are available in the Git repository at:
>
> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/lunar srso-6.2
>
> for you to fetch changes up to 47b1f4f7db95ca267ba43f673f804e7e4bcd37bb:
>
> Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation (2023-09-01 09:48:40 -0300)
>
> ----------------------------------------------------------------
> [Impact]
> A side channel vulnerability on some of the AMD CPUs may allow an attacker
> to influence the return address prediction. This may result in speculative
> execution at an attacker-controlled address, potentially leading to
> information disclosure.
>
> [Backport]
> Patches have been backported from 6.5 upstream. Minor conflicts around
> previous backports of GDS and DIV0 had to be handled. Aside from that, only
> very few conflicts also required handling.
>
> [Tests]
> Tests were run on an AWS Zen1 instance with no IBRS or IBPB. Mitigation
> options were toggled and vulnerabilities mitigations reports were as
> expected.
>
> An Intel VM was booted with spectre_v2=retpoline.
>
> [Potential regression]
> This could cause boot problems and also cause some CPU vulnerabilties
> mitigations, specially Retbleed, to regress.
>
>
> ----------------------------------------------------------------
> Arnaldo Carvalho de Melo (1):
> tools headers x86 cpufeatures: Sync with the kernel sources
>
> Arnd Bergmann (1):
> x86: Move gds_ucode_mitigated() declaration to header
>
> Borislav Petkov (AMD) (14):
> x86/alternative: Optimize returns patching
> x86/retbleed: Add __x86_return_thunk alignment checks
> x86/srso: Add a Speculative RAS Overflow mitigation
> x86/srso: Add IBPB_BRTYPE support
> x86/srso: Add SRSO_NO support
> x86/srso: Add IBPB
> x86/srso: Add IBPB on VMEXIT
> x86/srso: Add a forgotten NOENDBR annotation
> x86/srso: Tie SBPB bit setting to microcode patch detection
> Documentation/hw-vuln: Unify filename specification in index
> Documentation/srso: Document IBPB aspect and fix formatting
> x86/srso: Disable the mitigation on unaffected configurations
> x86/srso: Explain the untraining sequences a bit more
> x86/srso: Correct the mitigation status when SMT is disabled
>
> Josh Poimboeuf (1):
> x86/srso: Fix return thunks in generated code
>
> Kim Phillips (1):
> x86/cpu, kvm: Add support for CPUID_80000021_EAX
>
> Nick Desaulniers (1):
> x86/srso: Fix build breakage with the LLVM linker
>
> Peter Zijlstra (10):
> x86/cpu: Fix __x86_return_thunk symbol type
> x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
> objtool/x86: Fix SRSO mess
> x86/alternative: Make custom return thunk unconditional
> x86/cpu: Clean up SRSO return thunk mess
> x86/cpu: Rename original retbleed methods
> x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
> x86/cpu: Cleanup the untrain mess
> objtool/x86: Fixup frame-pointer vs rethunk
> x86/static_call: Fix __static_call_fixup()
>
> Petr Pavlu (2):
> x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
> x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT
>
> Sean Christopherson (1):
> x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
>
> Thadeu Lima de Souza Cascardo (1):
> Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
>
> Documentation/admin-guide/hw-vuln/index.rst | 15 +-
> Documentation/admin-guide/hw-vuln/srso.rst | 150 ++++++++++++++++++
> Documentation/admin-guide/kernel-parameters.txt | 11 ++
> arch/x86/Kconfig | 7 +
> arch/x86/include/asm/cpufeature.h | 7 +-
> arch/x86/include/asm/cpufeatures.h | 13 +-
> arch/x86/include/asm/disabled-features.h | 3 +-
> arch/x86/include/asm/msr-index.h | 1 +
> arch/x86/include/asm/nospec-branch.h | 42 ++---
> arch/x86/include/asm/processor.h | 4 +
> arch/x86/include/asm/required-features.h | 3 +-
> arch/x86/kernel/alternative.c | 17 +-
> arch/x86/kernel/cpu/amd.c | 19 +++
> arch/x86/kernel/cpu/bugs.c | 197 ++++++++++++++++++++++++
> arch/x86/kernel/cpu/common.c | 15 +-
> arch/x86/kernel/kprobes/opt.c | 40 ++---
> arch/x86/kernel/static_call.c | 13 ++
> arch/x86/kernel/vmlinux.lds.S | 39 ++++-
> arch/x86/kvm/cpuid.c | 3 +
> arch/x86/kvm/reverse_cpuid.h | 1 +
> arch/x86/kvm/svm/svm.c | 4 +-
> arch/x86/kvm/svm/vmenter.S | 3 +
> arch/x86/kvm/x86.c | 2 -
> arch/x86/lib/retpoline.S | 160 +++++++++++++++++--
> debian.master/config/annotations | 1 +
> drivers/base/cpu.c | 8 +
> include/linux/cpu.h | 2 +
> tools/arch/x86/include/asm/cpufeatures.h | 2 +-
> tools/arch/x86/include/asm/disabled-features.h | 3 +-
> tools/arch/x86/include/asm/required-features.h | 3 +-
> tools/objtool/arch/x86/decode.c | 6 +
> tools/objtool/check.c | 45 ++++--
> tools/objtool/include/objtool/arch.h | 1 +
> tools/objtool/include/objtool/elf.h | 1 +
> tools/perf/util/thread-stack.c | 4 +-
> 35 files changed, 744 insertions(+), 101 deletions(-)
> create mode 100644 Documentation/admin-guide/hw-vuln/srso.rst
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list