APPLIED: [SRU][J][PATCH v2 0/8] CVE-2024-25744

Roxana Nicolescu roxana.nicolescu at canonical.com
Fri Aug 9 15:24:07 UTC 2024


On 07/08/2024 00:50, Yuxuan Luo wrote:
> The v1 patch would make Jammy vulnerable to CVE-2024-2201 Native BHI
> again, this v2 patch solves this issue.
>
> [Impact]
> In an x86 environment, untrusted virtual machines are able to send
> an interrupt that will be mistakenly interpreted by the host as an INT80
> interrupt sent from host userspace programs, posing a threat to
> the host's confidentiality.
>
> [Backport]
> For Jammy, a prerequisite, 1da5c9bc119d (“x86: Introduce
> ia32_enabled()”), for the patch set is needed as denoted in the fix
> commit message. And a follow-up fix, 32f5f73b79ff (“x86/fred: Fix INT80
> emulation for FRED”), can be ignored because it is FRED specific and
> FRED is yet to be introduced by 14619d912b65 (“x86/fred: FRED entry/exit
> and dispatch code”).
>
> Since this fix also touches the same code base where the Native BHI fix
> modified, 7390db8aea0d ("x86/bhi: Add support for clearing branch
> history at syscall entry") needs to be backported again to adjust
> certain context, which requires f34f0d3c10eb (“x86/entry: Add
> do_SYSENTER_32() prototype”) as a prerequisite.
>
> [Test]
> Compile and boot tested in a VM.
>
> [Where things could go wrong]
> It affects users running x32 operating system VMs on confidential
> computing VMMs.
>
> Arnd Bergmann (1):
>    x86/entry: Add do_SYSENTER_32() prototype
>
> Kirill A. Shutemov (1):
>    x86/coco: Disable 32-bit emulation by default on TDX and SEV
>
> Kuppuswamy Sathyanarayanan (1):
>    x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
>
> Lukas Bulwahn (1):
>    x86: Fix misspelled Kconfig symbols
>
> Nikolay Borisov (1):
>    x86: Introduce ia32_enabled()
>
> Pawan Gupta (1):
>    x86/bhi: Add support for clearing branch history at syscall entry
>
> Thomas Gleixner (2):
>    x86/entry: Convert INT 0x80 emulation to IDTENTRY
>    x86/entry: Do not allow external 0x80 interrupts
>
>   arch/x86/entry/common.c                       |  97 ++++++++++++++-
>   arch/x86/entry/entry_64_compat.S              | 114 ++----------------
>   arch/x86/include/asm/ia32.h                   |  23 +++-
>   arch/x86/include/asm/idtentry.h               |   4 +
>   arch/x86/include/asm/irq_stack.h              |   2 +-
>   arch/x86/include/asm/nospec-branch.h          |   4 +
>   arch/x86/include/asm/page_32.h                |   2 +-
>   arch/x86/include/asm/proto.h                  |   4 -
>   arch/x86/include/asm/syscall.h                |   7 +-
>   arch/x86/include/asm/uaccess.h                |   2 +-
>   arch/x86/kernel/idt.c                         |   2 +-
>   arch/x86/mm/Makefile                          |   8 +-
>   .../mm/{mem_encrypt.c => mem_encrypt_amd.c}   |  11 ++
>   arch/x86/xen/enlighten_pv.c                   |   2 +-
>   arch/x86/xen/xen-asm.S                        |   2 +-
>   15 files changed, 164 insertions(+), 120 deletions(-)
>   rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (97%)
>
Applied to jammy:linux master-next branch. Thanks!


