ACK: [SRU][J][PATCH v2 0/8] CVE-2024-25744

Aaron Jauregui aaron.jauregui at canonical.com
Thu Aug 8 00:33:36 UTC 2024


On Tue, Aug 06, 2024 at 06:50:25PM -0400, Yuxuan Luo wrote:
> The v1 patch would make Jammy vulnerable to CVE-2024-2201 Native BHI
> again; this v2 patch solves this issue.
> 
> [Impact]
> In an x86 environment, untrusted virtual machines are able to send an
> interrupt that will be mistakenly interpreted by the host as an INT80
> interrupt sent from host userspace programs, posing a threat to
> the host's confidentiality.
> 
> [Backport]
> For Jammy, a prerequisite, 1da5c9bc119d (“x86: Introduce
> ia32_enabled()”), for the patch set is needed as denoted in the fix
> commit message. And a follow-up fix, 32f5f73b79ff (“x86/fred: Fix INT80
> emulation for FRED”), can be ignored because it is FRED specific and
> FRED is yet to be introduced by 14619d912b65 (“x86/fred: FRED entry/exit
> and dispatch code”).
> 
> Since this fix also touches the same code base that the Native BHI fix
> modified, 7390db8aea0d ("x86/bhi: Add support for clearing branch
> history at syscall entry") needs to be backported again to adjust
> certain context, which requires f34f0d3c10eb (“x86/entry: Add
> do_SYSENTER_32() prototype”) as a prerequisite.
> 
> [Test]
> Compile and boot tested in a VM.
> 
> [Where things could go wrong]
> It affects users running x32 operating system VMs on confidential
> computing VMMs.
> 
> Arnd Bergmann (1):
>   x86/entry: Add do_SYSENTER_32() prototype
> 
> Kirill A. Shutemov (1):
>   x86/coco: Disable 32-bit emulation by default on TDX and SEV
> 
> Kuppuswamy Sathyanarayanan (1):
>   x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
> 
> Lukas Bulwahn (1):
>   x86: Fix misspelled Kconfig symbols
> 
> Nikolay Borisov (1):
>   x86: Introduce ia32_enabled()
> 
> Pawan Gupta (1):
>   x86/bhi: Add support for clearing branch history at syscall entry
> 
> Thomas Gleixner (2):
>   x86/entry: Convert INT 0x80 emulation to IDTENTRY
>   x86/entry: Do not allow external 0x80 interrupts
> 
>  arch/x86/entry/common.c                       |  97 ++++++++++++++-
>  arch/x86/entry/entry_64_compat.S              | 114 ++----------------
>  arch/x86/include/asm/ia32.h                   |  23 +++-
>  arch/x86/include/asm/idtentry.h               |   4 +
>  arch/x86/include/asm/irq_stack.h              |   2 +-
>  arch/x86/include/asm/nospec-branch.h          |   4 +
>  arch/x86/include/asm/page_32.h                |   2 +-
>  arch/x86/include/asm/proto.h                  |   4 -
>  arch/x86/include/asm/syscall.h                |   7 +-
>  arch/x86/include/asm/uaccess.h                |   2 +-
>  arch/x86/kernel/idt.c                         |   2 +-
>  arch/x86/mm/Makefile                          |   8 +-
>  .../mm/{mem_encrypt.c => mem_encrypt_amd.c}   |  11 ++
>  arch/x86/xen/enlighten_pv.c                   |   2 +-
>  arch/x86/xen/xen-asm.S                        |   2 +-
>  15 files changed, 164 insertions(+), 120 deletions(-)
>  rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)

Acked-by: Aaron Jauregui <aaron.jauregui at canonical.com>


