APPLIED: [SRU][Focal][PATCH 00/15] CVE-2024-2201
Stefan Bader
stefan.bader at canonical.com
Fri May 31 12:38:59 UTC 2024
On 17.05.24 09:57, Yuxuan Luo wrote:
> [Impact]
> Native BHI have shown that Linux on Intel CPUs is still vulnerable to
> Spectre v2 attack even with eIBRS enabled, making it possible for
> malicious userspace programs to leak kernel memory.
>
> [Backport]
> This patchset consist of 4 parts:
> 1. Native BHI patchset
> 2. Config update
> 3. Native BHI follow up fix round 1
> 4. Native BHI follow up fix round 2
>
> [Test]
> Boot tested with confirmation that the VMexit SW loop is called.
>
> [Where things could go wrong]
> Kernel crashes on affected CPUs, likely at boot. VMexit is also patched
> so booting a VM on an affected host could cause host kernel crashes as
> well.
>
>
> Daniel Sneddon (1):
> x86/bhi: Define SPEC_CTRL_BHI_DIS_S
>
> Ingo Molnar (1):
> x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr'
>
> Josh Poimboeuf (6):
> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
> x86/bugs: Fix BHI documentation
> x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
> x86/bugs: Fix BHI handling of RRSBA
> x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
> x86/bugs: Fix BHI retpoline check
>
> Pawan Gupta (4):
> x86/bhi: Add support for clearing branch history at syscall entry
> x86/bhi: Enumerate Branch History Injection (BHI) bug
> x86/bhi: Add BHI mitigation knob
> x86/bhi: Mitigate KVM by default
>
> Sandipan Das (1):
> x86/cpufeatures: Add new word for scattered features
>
> Sean Christopherson (1):
> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined
> word
>
> Yuxuan Luo (1):
> UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|ON|OFF}
>
> Documentation/admin-guide/hw-vuln/spectre.rst | 44 ++++-
> .../admin-guide/kernel-parameters.txt | 13 ++
> arch/x86/Kconfig | 25 +++
> arch/x86/entry/entry_64.S | 58 ++++++
> arch/x86/entry/entry_64_compat.S | 3 +
> arch/x86/include/asm/cpufeature.h | 8 +-
> arch/x86/include/asm/cpufeatures.h | 14 +-
> arch/x86/include/asm/disabled-features.h | 3 +-
> arch/x86/include/asm/msr-index.h | 9 +-
> arch/x86/include/asm/nospec-branch.h | 17 ++
> arch/x86/include/asm/required-features.h | 3 +-
> arch/x86/kernel/cpu/bugs.c | 176 ++++++++++++++----
> arch/x86/kernel/cpu/common.c | 62 +++---
> arch/x86/kernel/cpu/scattered.c | 1 +
> arch/x86/kvm/cpuid.h | 2 +
> arch/x86/kvm/vmx/vmenter.S | 2 +
> debian.master/config/annotations | 3 +
> 17 files changed, 365 insertions(+), 78 deletions(-)
>
Applied to focal:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240531/e6654718/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240531/e6654718/attachment-0001.sig>
More information about the kernel-team
mailing list