[SRU Mantic][PATCH 0/9] CVE-2024-2201 (v2)

Stefan Bader stefan.bader at canonical.com
Mon Apr 15 09:48:11 UTC 2024


[Impact]
Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
obtain kernel memory information without the help of unprivileged eBPF, negating
the previous belief that unprivileged eBPF is the only real-world source of
such an attack. This vulnerability also affects KVM.

[Backport]
There is a conflict in reverse_cpuid.h due to the lack of the 80c883db87d9 (“KVM: x86:
Use a switch statement and macros in __feature_translate()”) commit.
There are also some context conflicts in cpufeature.h. This v2 takes the
changes from the merge commit and integrates them into the individual
changes from linux-6.6.y.
Also updated in v2 is the annotations change to set the auto mode by
default.

[Test]
Compiled only (doing this again in parallel to submission)

[Where things could go wrong]
This patch is more about enabling CPU features and reducing the branch history
exposed; therefore, the fact that the system is able to boot and run should denote that
it is not introducing any regression.

For KVM, the most significant impact is the performance regression due to system
call substitution since branch prediction probably won't perform as fast as the
previous version for users who do not care about the mitigation.

Daniel Sneddon (2):
  x86/bhi: Define SPEC_CTRL_BHI_DIS_S
  KVM: x86: Add BHI_NO

Josh Poimboeuf (1):
  x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

Linus Torvalds (1):
  x86/syscall: Don't force use of indirect calls for system calls

Pawan Gupta (4):
  x86/bhi: Add support for clearing branch history at syscall entry
  x86/bhi: Enumerate Branch History Injection (BHI) bug
  x86/bhi: Add BHI mitigation knob
  x86/bhi: Mitigate KVM by default

Yuxuan Luo (1):
  UBUNTU: [Config] Set CONFIG_BHI to enabled

 Documentation/admin-guide/hw-vuln/spectre.rst |  48 ++++++-
 .../admin-guide/kernel-parameters.txt         |  12 ++
 arch/x86/Kconfig                              |  25 ++++
 arch/x86/entry/common.c                       |  10 +-
 arch/x86/entry/entry_64.S                     |  61 +++++++++
 arch/x86/entry/entry_64_compat.S              |  16 +++
 arch/x86/entry/syscall_32.c                   |  21 ++-
 arch/x86/entry/syscall_64.c                   |  19 ++-
 arch/x86/entry/syscall_x32.c                  |  10 +-
 arch/x86/include/asm/cpufeatures.h            |  11 ++
 arch/x86/include/asm/msr-index.h              |   9 +-
 arch/x86/include/asm/nospec-branch.h          |  17 +++
 arch/x86/include/asm/syscall.h                |  11 +-
 arch/x86/kernel/cpu/bugs.c                    | 121 ++++++++++++++++--
 arch/x86/kernel/cpu/common.c                  |  24 ++--
 arch/x86/kernel/cpu/scattered.c               |   1 +
 arch/x86/kvm/reverse_cpuid.h                  |   5 +
 arch/x86/kvm/vmx/vmenter.S                    |   2 +
 arch/x86/kvm/x86.c                            |   3 +-
 debian.master/config/annotations              |   3 +
 20 files changed, 382 insertions(+), 47 deletions(-)

-- 
2.34.1
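The cover letter reports the series as compile-tested only and states that booting and running is the regression signal. The following is an added example, not part of this patch series or of Ubuntu's own test tooling, that a tester can run on the booted kernel to confirm the BHI mitigation state reported through the spectre_v2 sysfs file. It assumes the post-patch format in which the fields are separated by "; " (the "Change commas to semicolons" patch in this series) and that the BHI field carries the strings used by upstream bugs.c ("BHI_DIS_S", "SW loop", "Syscall hardening", "Vulnerable", "Not affected"); the sample lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: read the BHI portion of the spectre_v2 mitigation report.
# Path is the standard sysfs location; field names are assumed from upstream bugs.c.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Constructed sample lines (not real captures) in the semicolon-separated format.
SAMPLE_MITIGATED='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'
SAMPLE_SWLOOP='Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: SW loop, KVM: SW loop'
SAMPLE_VULN='Mitigation: Retpolines; IBPB: conditional; RSB filling; BHI: Vulnerable'
# Pre-series format: comma separated and without any BHI field at all.
SAMPLE_OLD='Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling, PBRSB-eIBRS: SW sequence'

# bhi_field "<spectre_v2 line>": print the text after "BHI:", or "absent" when
# the running kernel predates this series and reports no BHI field.
bhi_field() {
    printf '%s\n' "$1" \
        | tr ';' '\n' \
        | sed -n 's/^[[:space:]]*BHI:[[:space:]]*//p' \
        | head -n 1 \
        | grep . || echo absent
}

# bhi_status "<spectre_v2 line>": collapse the field into one of
# mitigated / vulnerable / not_affected / unknown for scripting.
bhi_status() {
    case "$(bhi_field "$1")" in
        absent)         echo unknown ;;       # kernel without BHI reporting
        Vulnerable*)    echo vulnerable ;;    # includes "Vulnerable (Syscall hardening enabled)"
        "Not affected") echo not_affected ;;
        *)              echo mitigated ;;     # BHI_DIS_S, SW loop, Syscall hardening, ...
    esac
}

# check_host: evaluate the live sysfs file; "unknown" if it cannot be read.
check_host() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        bhi_status "$(cat "$SPECTRE_V2_SYSFS")"
    else
        echo unknown
    fi
}

# Demonstration on the constructed samples, then on this host.
for s in "$SAMPLE_MITIGATED" "$SAMPLE_SWLOOP" "$SAMPLE_VULN" "$SAMPLE_OLD"; do
    printf '%-14s BHI=%s\n' "$(bhi_status "$s")" "$(bhi_field "$s")"
done
printf 'this host: %s\n' "$(check_host)"
```

A result of "unknown" on a kernel built from this series means the sysfs field did not appear and is worth a closer look; "vulnerable" on hardware that reports the bhi bug means the knob (spectre_bhi= on the command line, per the kernel-parameters.txt change in the diffstat) or CONFIG_BHI left the mitigation off.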