[SRU][Jammy][PATCH 00/12] CVE-2024-2201
Yuxuan Luo
yuxuan.luo at canonical.com
Fri Apr 12 19:23:37 UTC 2024
[Impact]
Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
obtain kernel memory information without the help of unprivileged eBPF, negating
the previous belief that unprivileged eBPF is the only real-world source of
such an attack. This vulnerability affects KVM as well.
[Backport]
Since the stable/linux-5.15.y backport is almost identical to the upstream patch
set, only the 7390db8aea0d (“x86/bhi: Add support for clearing branch history at
syscall entry”) commit is taken from stable/linux-5.15.y; the rest are
backported from upstream.
The missing prerequisite commits are:
1. 1d30800c0c0a (“x86/bugs: Use sysfs_emit()”)
This one resolves the conflict in [1/8] 0cd01ac5dcb1 (“x86/bugs: Change commas
to semicolons in 'spectre_v2' sysfs file”) by substituting sysfs_emit() for
sprintf().
2. eefe5e668209 (“KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace”)
This commit introduced CPUID_7_2_EDX, a flag used by [4/8] 0f4a837615ff
(“x86/bhi: Define SPEC_CTRL_BHI_DIS_S”).
3. 047c72299061 (“KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs”)
This one introduced kvm_cpu_cap_init_kvm_defined(), solving a build error
caused by the commit above. No functional change, as noted by the commit
message, so it is safe to backport.
[Test]
Compiled only.
[Where things could go wrong]
This patch set is mostly about enabling CPU features and reducing the exposed
branch history; therefore, a system that boots and runs normally should indicate
that no regression is introduced.
For KVM, the most significant impact is a performance regression due to the
system call substitution, since branch prediction will probably not perform as
well as before for users who do not care about the mitigation.
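As an added example that is not part of this series: a POSIX shell check for the BHI field that these patches add to the spectre_v2 sysfs file, splitting on ';' because [1/8] changes the separators from commas to semicolons. The sample status strings are constructed to follow the upstream output format, and the sysfs path used by check_live is an assumption about the layout on the target system.

```shell
#!/bin/sh
# Added example (not from the patch series): extract and classify the "BHI:"
# field of /sys/devices/system/cpu/vulnerabilities/spectre_v2. After [1/8]
# the fields are ';'-separated, so split on ';' and not on ','.

# bhi_field LINE -> prints the text after "BHI:", or "absent" when the
# kernel reports no BHI field at all (e.g. a kernel without this series).
bhi_field() {
    line=$1
    old_ifs=$IFS
    IFS=';'
    set -f                      # no pathname expansion while word-splitting
    result=absent
    for field in $line; do
        # drop the leading blank left behind by the "; " separator
        field=${field#"${field%%[! ]*}"}
        case $field in
            BHI:*) result=${field#BHI:}; result=${result# } ;;
        esac
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "$result"
}

# bhi_verdict FIELD -> "not-affected" | "vulnerable" | "mitigated"
# A missing field is treated as vulnerable: the kernel predates the fix.
bhi_verdict() {
    case $1 in
        "Not affected")  echo not-affected ;;
        absent|Vulnerable*) echo vulnerable ;;
        *)               echo mitigated ;;
    esac
}

# check_live -> reads the real sysfs file (assumed path) and prints a verdict.
check_live() {
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    [ -r "$f" ] || { echo "spectre_v2 sysfs file not present"; return 1; }
    v=$(bhi_field "$(cat "$f")")
    echo "BHI: $v ($(bhi_verdict "$v"))"
}

# Run as: sh bhi_check.sh --live   (on the booted SRU kernel)
case ${1-} in --live) check_live ;; esac
```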
Borislav Petkov (1):
x86/bugs: Use sysfs_emit()
Daniel Sneddon (2):
x86/bhi: Define SPEC_CTRL_BHI_DIS_S
KVM: x86: Add BHI_NO
Jim Mattson (1):
KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
Josh Poimboeuf (1):
x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
Linus Torvalds (1):
x86/syscall: Don't force use of indirect calls for system calls
Pawan Gupta (4):
x86/bhi: Add support for clearing branch history at syscall entry
x86/bhi: Enumerate Branch History Injection (BHI) bug
x86/bhi: Add BHI mitigation knob
x86/bhi: Mitigate KVM by default
Sean Christopherson (1):
KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
Yuxuan Luo (1):
placeholder
Documentation/admin-guide/hw-vuln/spectre.rst | 50 +++-
.../admin-guide/kernel-parameters.txt | 12 +
arch/x86/Kconfig | 25 ++
arch/x86/entry/common.c | 6 +-
arch/x86/entry/entry_64.S | 61 +++++
arch/x86/entry/entry_64_compat.S | 3 +
arch/x86/entry/syscall_32.c | 21 +-
arch/x86/entry/syscall_64.c | 19 +-
arch/x86/entry/syscall_x32.c | 10 +-
arch/x86/include/asm/cpufeatures.h | 12 +
arch/x86/include/asm/msr-index.h | 9 +-
arch/x86/include/asm/nospec-branch.h | 17 ++
arch/x86/include/asm/syscall.h | 10 +-
arch/x86/kernel/cpu/bugs.c | 218 +++++++++++++-----
arch/x86/kernel/cpu/common.c | 24 +-
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kvm/cpuid.c | 29 ++-
arch/x86/kvm/reverse_cpuid.h | 32 ++-
arch/x86/kvm/vmx/vmenter.S | 2 +
arch/x86/kvm/x86.c | 3 +-
debian.master/config/annotations | 3 +
21 files changed, 463 insertions(+), 104 deletions(-)
--
2.34.1