| Message ID | 20181009133714.32139-1-juergh@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Trusty,PULL] Cleanup Meltdown/Spectre implementation (LP: #1779848) | expand |
On Tue, 9 Oct 2018 15:37:14 +0200 Juerg Haefliger <juerg.haefliger@canonical.com> wrote: > BugLink: https://bugs.launchpad.net/bugs/1779848 > > == SRU Justification == > > Ubuntu kernels contain Meltdown and Spectre mitigations that are > largely based on embargoed patches but what eventually landed in > upstream is different in some places. We should clean up the > different kernels to bring them closer in line with upstream. > > == Fix == > > Add missing upstream patches. > > == Regression Potential == > > Medium. The patches have been in upstream for quite a while now and > are baked in but some of the backporting is not completely trivial > and without risk. > > == Test Case == > > TBD. > > *** BLURB HERE *** Saving before sending would help :-( The blurb is: Compile-tested all architectures. Ran Trusty ADT tests successfully against a test kernel. ...Juerg > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit > cefa65a1685282dcbadad7c914d4d8e89428a5eb: > > UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 > > for you to fetch changes up to > 8cccec097d1fb83c610f9dddd47827fb6d3237aa: > > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control > handling (2018-10-09 10:46:55 +0200) > > ---------------------------------------------------------------- > Arnd Bergmann (1): > x86/pti: Mark constant arrays as __initconst > > Ben Hutchings (1): > xen: Add xen_arch_suspend() > > Borislav Petkov (2): > x86/nospec: Fix header guards names > x86/bugs: Drop one "mitigation" from dmesg > > Dan Carpenter (1): > x86/spectre: Fix an error message > > Dave Hansen (1): > x86/Documentation: Add PTI description > > David Woodhouse (5): > x86/cpufeatures: Add AMD feature bits for Speculation Control > x86/speculation: Add basic IBPB (Indirect Branch Prediction > Barrier) support x86/cpufeatures: Clean up Spectre v2 related CPUID > flags x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on > Intel x86/speculation: Use IBRS if available before calling into > firmware > > Dou Liyang (1): > x86/spectre: Check CONFIG_RETPOLINE in command line parser > > Ingo Molnar (1): > x86/speculation: Move firmware_restrict_branch_speculation_*() > from C to CPP > > Juerg Haefliger (14): > Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" > UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature > bits UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h > UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits > UBUNTU: SAUCE: x86/speculation: Use synthetic bits for > IBRS/IBPB/STIBP UBUNTU: SAUCE: x86/cpufeatures: Disentangle > MSR_SPEC_CTRL enumeration from IBRS UBUNTU: SAUCE: x86/bugs: Fix > re-use of SPEC_CTRL MSR boot value UBUNTU: SAUCE: Move SSBD feature > detection to common code UBUNTU: SAUCE: x86/speculation: Move vendor > specific IBRS/IBPB control code UBUNTU: SAUCE: x86/speculation: Query > individual feature flags when reloading microcode UBUNTU: SAUCE: > x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto UBUNTU: SAUCE: > x86/speculation: Make use of indirect_branch_prediction_barrier() > UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling > > Juergen Gross (1): > x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > KarimAllah Ahmed (1): > x86/spectre: Simplify spectre_v2 command line parsing > > Tom Lendacky (2): > x86/cpu/AMD: Make LFENCE a serializing instruction > x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC > > zhenwei.pi (1): > x86/pti: Document fix wrong index > > Documentation/kernel-parameters.txt | 21 ++-- > Documentation/x86/pti.txt | 186 > +++++++++++++++++++++++++++++++++ > arch/x86/include/asm/apm.h | 6 ++ > arch/x86/include/asm/cpufeature.h | 31 ++++-- > arch/x86/include/asm/efi.h | 7 ++ > arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- > arch/x86/include/asm/spec_ctrl.h | 13 ++- > arch/x86/include/uapi/asm/msr-index.h | 34 +++--- > arch/x86/kernel/acpi/cstate.c | 6 +- > arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- > arch/x86/kernel/cpu/bugs.c | 169 > ++++++++++++++++++++---------- arch/x86/kernel/cpu/common.c > | 40 ++++++- arch/x86/kernel/cpu/intel.c | 19 ---- > arch/x86/kernel/microcode_core.c | 20 ---- > arch/x86/kernel/process.c | 11 +- > arch/x86/kernel/smpboot.c | 6 +- > arch/x86/kvm/svm.c | 11 +- > arch/x86/kvm/vmx.c | 3 +- > arch/x86/mm/kaiser.c | 7 +- > arch/x86/mm/tlb.c | 5 +- > arch/x86/xen/suspend.c | 24 +++++ > drivers/xen/manage.c | 9 +- > include/linux/smp.h | 87 ---------------- > include/xen/xen-ops.h | 1 + > kernel/smp.c | 46 -------- > kernel/sysctl.c | 191 > ++++++++++++++++++++-------------- 26 files changed, 672 > insertions(+), 435 deletions(-) create mode 100644 > Documentation/x86/pti.txt
On 09.10.2018 15:37, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1779848 > > == SRU Justification == > > Ubuntu kernels contain Meltdown and Spectre mitigations that are largely based on embargoed patches but what eventually landed in upstream is different in some places. We should clean up the different kernels to bring them closer in line with upstream. > The testing for this is as good as one can get. Just for clarity, I believe the main difference we had and possibly still have in some cases is the handling of IBRS/IBPB and how things are exposed as knobs to twiddle. How did you do those and (that might be for Tyler) do we have a somehow documented decision of the goal. I made some decision when working on Xenial and I fear those might be different than yours for the lack of guidance. -Stefan > == Fix == > > Add missing upstream patches. > > == Regression Potential == > > Medium. The patches have been in upstream for quite a while now and are baked in but some of the backporting is not completely trivial and without risk. > > == Test Case == > > TBD. > > *** BLURB HERE *** > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit cefa65a1685282dcbadad7c914d4d8e89428a5eb: > > UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 > > for you to fetch changes up to 8cccec097d1fb83c610f9dddd47827fb6d3237aa: > > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (2018-10-09 10:46:55 +0200) > > ---------------------------------------------------------------- > Arnd Bergmann (1): > x86/pti: Mark constant arrays as __initconst > > Ben Hutchings (1): > xen: Add xen_arch_suspend() > > Borislav Petkov (2): > x86/nospec: Fix header guards names > x86/bugs: Drop one "mitigation" from dmesg > > Dan Carpenter (1): > x86/spectre: Fix an error message > > Dave Hansen (1): > x86/Documentation: Add PTI description > > David Woodhouse (5): > x86/cpufeatures: Add AMD feature bits for Speculation Control > x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support > x86/cpufeatures: Clean up Spectre v2 related CPUID flags > x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel > x86/speculation: Use IBRS if available before calling into firmware > > Dou Liyang (1): > x86/spectre: Check CONFIG_RETPOLINE in command line parser > > Ingo Molnar (1): > x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP > > Juerg Haefliger (14): > Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" > UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature bits > UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h > UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits > UBUNTU: SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP > UBUNTU: SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS > UBUNTU: SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value > UBUNTU: SAUCE: Move SSBD feature detection to common code > UBUNTU: SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code > UBUNTU: SAUCE: x86/speculation: Query individual feature flags when reloading microcode > UBUNTU: SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto > UBUNTU: SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier() > UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling > > Juergen Gross (1): > x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > KarimAllah Ahmed (1): > x86/spectre: Simplify spectre_v2 command line parsing > > Tom Lendacky (2): > x86/cpu/AMD: Make LFENCE a serializing instruction > x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC > > zhenwei.pi (1): > x86/pti: Document fix wrong index > > Documentation/kernel-parameters.txt | 21 ++-- > Documentation/x86/pti.txt | 186 +++++++++++++++++++++++++++++++++ > arch/x86/include/asm/apm.h | 6 ++ > arch/x86/include/asm/cpufeature.h | 31 ++++-- > arch/x86/include/asm/efi.h | 7 ++ > arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- > arch/x86/include/asm/spec_ctrl.h | 13 ++- > arch/x86/include/uapi/asm/msr-index.h | 34 +++--- > arch/x86/kernel/acpi/cstate.c | 6 +- > arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- > arch/x86/kernel/cpu/bugs.c | 169 ++++++++++++++++++++---------- > arch/x86/kernel/cpu/common.c | 40 ++++++- > arch/x86/kernel/cpu/intel.c | 19 ---- > arch/x86/kernel/microcode_core.c | 20 ---- > arch/x86/kernel/process.c | 11 +- > arch/x86/kernel/smpboot.c | 6 +- > arch/x86/kvm/svm.c | 11 +- > arch/x86/kvm/vmx.c | 3 +- > arch/x86/mm/kaiser.c | 7 +- > arch/x86/mm/tlb.c | 5 +- > arch/x86/xen/suspend.c | 24 +++++ > drivers/xen/manage.c | 9 +- > include/linux/smp.h | 87 ---------------- > include/xen/xen-ops.h | 1 + > kernel/smp.c | 46 -------- > kernel/sysctl.c | 191 ++++++++++++++++++++-------------- > 26 files changed, 672 insertions(+), 435 deletions(-) > create mode 100644 Documentation/x86/pti.txt >
On Thu, 11 Oct 2018 09:49:33 +0200 Stefan Bader <stefan.bader@canonical.com> wrote: > On 09.10.2018 15:37, Juerg Haefliger wrote: > > BugLink: https://bugs.launchpad.net/bugs/1779848 > > > > == SRU Justification == > > > > Ubuntu kernels contain Meltdown and Spectre mitigations that are > > largely based on embargoed patches but what eventually landed in > > upstream is different in some places. We should clean up the > > different kernels to bring them closer in line with upstream. > > The testing for this is as good as one can get. Just for clarity, I > believe the main difference we had and possibly still have in some > cases is the handling of IBRS/IBPB and how things are exposed as > knobs to twiddle. How did you do those and (that might be for Tyler) > do we have a somehow documented decision of the goal. I made some > decision when working on Xenial and I fear those might be different > than yours for the lack of guidance. Sorry, your reply slipped through the cracks. I'm not sure what you mean. AFAIK our specific runtime control knobs and boottime options and their implementations are identical for Trusty and Xenial. I just rearranged things to integrate it more logically with all the other modifications but there should be no functional changes. These are the last 2 commits in the PR. As for testing those changes, I just verified that I can twiddle the knobs as before and that the kernel boots. ...Juerg
On 18.10.18 08:14, Juerg Haefliger wrote: > On Thu, 11 Oct 2018 09:49:33 +0200 > Stefan Bader <stefan.bader@canonical.com> wrote: > >> On 09.10.2018 15:37, Juerg Haefliger wrote: >>> BugLink: https://bugs.launchpad.net/bugs/1779848 >>> >>> == SRU Justification == >>> >>> Ubuntu kernels contain Meltdown and Spectre mitigations that are >>> largely based on embargoed patches but what eventually landed in >>> upstream is different in some places. We should clean up the >>> different kernels to bring them closer in line with upstream. >> >> The testing for this is as good as one can get. Just for clarity, I >> believe the main difference we had and possibly still have in some >> cases is the handling of IBRS/IBPB and how things are exposed as >> knobs to twiddle. How did you do those and (that might be for Tyler) >> do we have a somehow documented decision of the goal. I made some >> decision when working on Xenial and I fear those might be different >> than yours for the lack of guidance. > > Sorry, your reply slipped through the cracks. I'm not sure what you > mean. AFAIK our specific runtime control knobs and boottime options > and their implementations are identical for Trusty and Xenial. I just > rearranged things to integrate it more logically with all the other > modifications but there should be no functional changes. These are the > last 2 commits in the PR. As for testing those changes, I just verified > that I can twiddle the knobs as before and that the kernel boots. OK, maybe its better than I feared. It is just very hard to keep track of things with other stuff going on in parallel. I just very vaguely remember that for Bionic/4.15 and possibly later, IBRS/IBPB was only decided based on cpu features while some of what we did there was an additional sysfs interface. -Stefan > > ...Juerg >
On Thu, 18 Oct 2018 11:47:02 +0200 Stefan Bader <stefan.bader@canonical.com> wrote: > On 18.10.18 08:14, Juerg Haefliger wrote: > > On Thu, 11 Oct 2018 09:49:33 +0200 > > Stefan Bader <stefan.bader@canonical.com> wrote: > > > >> On 09.10.2018 15:37, Juerg Haefliger wrote: > >>> BugLink: https://bugs.launchpad.net/bugs/1779848 > >>> > >>> == SRU Justification == > >>> > >>> Ubuntu kernels contain Meltdown and Spectre mitigations that are > >>> largely based on embargoed patches but what eventually landed in > >>> upstream is different in some places. We should clean up the > >>> different kernels to bring them closer in line with upstream. > >> > >> The testing for this is as good as one can get. Just for clarity, I > >> believe the main difference we had and possibly still have in some > >> cases is the handling of IBRS/IBPB and how things are exposed as > >> knobs to twiddle. How did you do those and (that might be for > >> Tyler) do we have a somehow documented decision of the goal. I > >> made some decision when working on Xenial and I fear those might > >> be different than yours for the lack of guidance. > > > > Sorry, your reply slipped through the cracks. I'm not sure what you > > mean. AFAIK our specific runtime control knobs and boottime options > > and their implementations are identical for Trusty and Xenial. I > > just rearranged things to integrate it more logically with all the > > other modifications but there should be no functional changes. > > These are the last 2 commits in the PR. As for testing those > > changes, I just verified that I can twiddle the knobs as before and > > that the kernel boots. > > OK, maybe its better than I feared. It is just very hard to keep > track of things with other stuff going on in parallel. I just very > vaguely remember that for Bionic/4.15 and possibly later, IBRS/IBPB > was only decided based on cpu features while some of what we did > there was an additional sysfs interface. Yes, the sysfs knobs and noib{rs,pb} commandline options were part of the embargoed patches but that never went upstream. We only have this in Xenial 4.4 and Trusty 3.13. And since it's user exposed we probably can't rip it out :-( ...Juerg > -Stefan > > > > ...Juerg > > > >
On 09.10.18 15:37, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1779848 > > == SRU Justification == > > Ubuntu kernels contain Meltdown and Spectre mitigations that are largely based on embargoed patches but what eventually landed in upstream is different in some places. We should clean up the different kernels to bring them closer in line with upstream. > > == Fix == > > Add missing upstream patches. > > == Regression Potential == > > Medium. The patches have been in upstream for quite a while now and are baked in but some of the backporting is not completely trivial and without risk. > > == Test Case == > > TBD. > > *** BLURB HERE *** > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit cefa65a1685282dcbadad7c914d4d8e89428a5eb: > > UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 > > for you to fetch changes up to 8cccec097d1fb83c610f9dddd47827fb6d3237aa: > > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (2018-10-09 10:46:55 +0200) > > ---------------------------------------------------------------- > Arnd Bergmann (1): > x86/pti: Mark constant arrays as __initconst > > Ben Hutchings (1): > xen: Add xen_arch_suspend() > > Borislav Petkov (2): > x86/nospec: Fix header guards names > x86/bugs: Drop one "mitigation" from dmesg > > Dan Carpenter (1): > x86/spectre: Fix an error message > > Dave Hansen (1): > x86/Documentation: Add PTI description > > David Woodhouse (5): > x86/cpufeatures: Add AMD feature bits for Speculation Control > x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support > x86/cpufeatures: Clean up Spectre v2 related CPUID flags > x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel > x86/speculation: Use IBRS if available before calling into firmware > > Dou Liyang (1): > x86/spectre: Check CONFIG_RETPOLINE in command line parser > > Ingo Molnar (1): > x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP > > Juerg Haefliger (14): > Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" > UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature bits > UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h > UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits > UBUNTU: SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP > UBUNTU: SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS > UBUNTU: SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value > UBUNTU: SAUCE: Move SSBD feature detection to common code > UBUNTU: SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code > UBUNTU: SAUCE: x86/speculation: Query individual feature flags when reloading microcode > UBUNTU: SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto > UBUNTU: SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier() > UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling > > Juergen Gross (1): > x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > KarimAllah Ahmed (1): > x86/spectre: Simplify spectre_v2 command line parsing > > Tom Lendacky (2): > x86/cpu/AMD: Make LFENCE a serializing instruction > x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC > > zhenwei.pi (1): > x86/pti: Document fix wrong index > > Documentation/kernel-parameters.txt | 21 ++-- > Documentation/x86/pti.txt | 186 +++++++++++++++++++++++++++++++++ > arch/x86/include/asm/apm.h | 6 ++ > arch/x86/include/asm/cpufeature.h | 31 ++++-- > arch/x86/include/asm/efi.h | 7 ++ > arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- > arch/x86/include/asm/spec_ctrl.h | 13 ++- > arch/x86/include/uapi/asm/msr-index.h | 34 +++--- > arch/x86/kernel/acpi/cstate.c | 6 +- > arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- > arch/x86/kernel/cpu/bugs.c | 169 ++++++++++++++++++++---------- > arch/x86/kernel/cpu/common.c | 40 ++++++- > arch/x86/kernel/cpu/intel.c | 19 ---- > arch/x86/kernel/microcode_core.c | 20 ---- > arch/x86/kernel/process.c | 11 +- > arch/x86/kernel/smpboot.c | 6 +- > arch/x86/kvm/svm.c | 11 +- > arch/x86/kvm/vmx.c | 3 +- > arch/x86/mm/kaiser.c | 7 +- > arch/x86/mm/tlb.c | 5 +- > arch/x86/xen/suspend.c | 24 +++++ > drivers/xen/manage.c | 9 +- > include/linux/smp.h | 87 ---------------- > include/xen/xen-ops.h | 1 + > kernel/smp.c | 46 -------- > kernel/sysctl.c | 191 ++++++++++++++++++++-------------- > 26 files changed, 672 insertions(+), 435 deletions(-) > create mode 100644 Documentation/x86/pti.txt > Ok, my main concern was to keep Xenial and Trusty functionally in sync which I think was confirmed we do, so I guess we should go ahead and pull this in carefully observe how it goes. -Stefan Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 10/09/18 15:37, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1779848 > > == SRU Justification == > > Ubuntu kernels contain Meltdown and Spectre mitigations that are largely based on embargoed patches but what eventually landed in upstream is different in some places. We should clean up the different kernels to bring them closer in line with upstream. > > == Fix == > > Add missing upstream patches. > > == Regression Potential == > > Medium. The patches have been in upstream for quite a while now and are baked in but some of the backporting is not completely trivial and without risk. > > == Test Case == > > TBD. > > *** BLURB HERE *** > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit cefa65a1685282dcbadad7c914d4d8e89428a5eb: > > UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 > > for you to fetch changes up to 8cccec097d1fb83c610f9dddd47827fb6d3237aa: > > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (2018-10-09 10:46:55 +0200) > > ---------------------------------------------------------------- > Arnd Bergmann (1): > x86/pti: Mark constant arrays as __initconst > > Ben Hutchings (1): > xen: Add xen_arch_suspend() > > Borislav Petkov (2): > x86/nospec: Fix header guards names > x86/bugs: Drop one "mitigation" from dmesg > > Dan Carpenter (1): > x86/spectre: Fix an error message > > Dave Hansen (1): > x86/Documentation: Add PTI description > > David Woodhouse (5): > x86/cpufeatures: Add AMD feature bits for Speculation Control > x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support > x86/cpufeatures: Clean up Spectre v2 related CPUID flags > x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel > x86/speculation: Use IBRS if available before calling into firmware > > Dou Liyang (1): > x86/spectre: Check CONFIG_RETPOLINE in command line parser > > Ingo Molnar (1): > x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP > > Juerg Haefliger (14): > Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" > UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature bits > UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h > UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits > UBUNTU: SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP > UBUNTU: SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS > UBUNTU: SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value > UBUNTU: SAUCE: Move SSBD feature detection to common code > UBUNTU: SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code > UBUNTU: SAUCE: x86/speculation: Query individual feature flags when reloading microcode > UBUNTU: SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto > UBUNTU: SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier() > UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling > > Juergen Gross (1): > x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > KarimAllah Ahmed (1): > x86/spectre: Simplify spectre_v2 command line parsing > > Tom Lendacky (2): > x86/cpu/AMD: Make LFENCE a serializing instruction > x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC > > zhenwei.pi (1): > x86/pti: Document fix wrong index > > Documentation/kernel-parameters.txt | 21 ++-- > Documentation/x86/pti.txt | 186 +++++++++++++++++++++++++++++++++ > arch/x86/include/asm/apm.h | 6 ++ > arch/x86/include/asm/cpufeature.h | 31 ++++-- > arch/x86/include/asm/efi.h | 7 ++ > arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- > arch/x86/include/asm/spec_ctrl.h | 13 ++- > arch/x86/include/uapi/asm/msr-index.h | 34 +++--- > arch/x86/kernel/acpi/cstate.c | 6 +- > arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- > arch/x86/kernel/cpu/bugs.c | 169 ++++++++++++++++++++---------- > arch/x86/kernel/cpu/common.c | 40 ++++++- > arch/x86/kernel/cpu/intel.c | 19 ---- > arch/x86/kernel/microcode_core.c | 20 ---- > arch/x86/kernel/process.c | 11 +- > arch/x86/kernel/smpboot.c | 6 +- > arch/x86/kvm/svm.c | 11 +- > arch/x86/kvm/vmx.c | 3 +- > arch/x86/mm/kaiser.c | 7 +- > arch/x86/mm/tlb.c | 5 +- > arch/x86/xen/suspend.c | 24 +++++ > drivers/xen/manage.c | 9 +- > include/linux/smp.h | 87 ---------------- > include/xen/xen-ops.h | 1 + > kernel/smp.c | 46 -------- > kernel/sysctl.c | 191 ++++++++++++++++++++-------------- > 26 files changed, 672 insertions(+), 435 deletions(-) > create mode 100644 Documentation/x86/pti.txt > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
On 10/09/18 15:37, Juerg Haefliger wrote: > BugLink: https://bugs.launchpad.net/bugs/1779848 > > == SRU Justification == > > Ubuntu kernels contain Meltdown and Spectre mitigations that are largely based on embargoed patches but what eventually landed in upstream is different in some places. We should clean up the different kernels to bring them closer in line with upstream. > > == Fix == > > Add missing upstream patches. > > == Regression Potential == > > Medium. The patches have been in upstream for quite a while now and are baked in but some of the backporting is not completely trivial and without risk. > > == Test Case == > > TBD. > > *** BLURB HERE *** > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > > The following changes since commit cefa65a1685282dcbadad7c914d4d8e89428a5eb: > > UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) > > are available in the Git repository at: > > git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 > > for you to fetch changes up to 8cccec097d1fb83c610f9dddd47827fb6d3237aa: > > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (2018-10-09 10:46:55 +0200) > > ---------------------------------------------------------------- > Arnd Bergmann (1): > x86/pti: Mark constant arrays as __initconst > > Ben Hutchings (1): > xen: Add xen_arch_suspend() > > Borislav Petkov (2): > x86/nospec: Fix header guards names > x86/bugs: Drop one "mitigation" from dmesg > > Dan Carpenter (1): > x86/spectre: Fix an error message > > Dave Hansen (1): > x86/Documentation: Add PTI description > > David Woodhouse (5): > x86/cpufeatures: Add AMD feature bits for Speculation Control > x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support > x86/cpufeatures: Clean up Spectre v2 related CPUID flags > x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel > x86/speculation: Use IBRS if available before calling into firmware > > Dou Liyang (1): > x86/spectre: Check CONFIG_RETPOLINE in command line parser > > Ingo Molnar (1): > x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP > > Juerg Haefliger (14): > Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" > UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature bits > UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h > UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits > UBUNTU: SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP > UBUNTU: SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS > UBUNTU: SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value > UBUNTU: SAUCE: Move SSBD feature detection to common code > UBUNTU: SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code > UBUNTU: SAUCE: x86/speculation: Query individual feature flags when reloading microcode > UBUNTU: SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto > UBUNTU: SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier() > UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling > UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling > > Juergen Gross (1): > x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > KarimAllah Ahmed (1): > x86/spectre: Simplify spectre_v2 command line parsing > > Tom Lendacky (2): > x86/cpu/AMD: Make LFENCE a serializing instruction > x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC > > zhenwei.pi (1): > x86/pti: Document fix wrong index > > Documentation/kernel-parameters.txt | 21 ++-- > Documentation/x86/pti.txt | 186 +++++++++++++++++++++++++++++++++ > arch/x86/include/asm/apm.h | 6 ++ > arch/x86/include/asm/cpufeature.h | 31 ++++-- > arch/x86/include/asm/efi.h | 7 ++ > arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- > arch/x86/include/asm/spec_ctrl.h | 13 ++- > arch/x86/include/uapi/asm/msr-index.h | 34 +++--- > arch/x86/kernel/acpi/cstate.c | 6 +- > arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- > arch/x86/kernel/cpu/bugs.c | 169 ++++++++++++++++++++---------- > arch/x86/kernel/cpu/common.c | 40 ++++++- > arch/x86/kernel/cpu/intel.c | 19 ---- > arch/x86/kernel/microcode_core.c | 20 ---- > arch/x86/kernel/process.c | 11 +- > arch/x86/kernel/smpboot.c | 6 +- > arch/x86/kvm/svm.c | 11 +- > arch/x86/kvm/vmx.c | 3 +- > arch/x86/mm/kaiser.c | 7 +- > arch/x86/mm/tlb.c | 5 +- > arch/x86/xen/suspend.c | 24 +++++ > drivers/xen/manage.c | 9 +- > include/linux/smp.h | 87 ---------------- > include/xen/xen-ops.h | 1 + > kernel/smp.c | 46 -------- > kernel/sysctl.c | 191 ++++++++++++++++++++-------------- > 26 files changed, 672 insertions(+), 435 deletions(-) > create mode 100644 Documentation/x86/pti.txt > Applied to trusty/master-next branch. Thanks, Kleber
BugLink: https://bugs.launchpad.net/bugs/1779848 == SRU Justification == Ubuntu kernels contain Meltdown and Spectre mitigations that are largely based on embargoed patches but what eventually landed in upstream is different in some places. We should clean up the different kernels to bring them closer in line with upstream. == Fix == Add missing upstream patches. == Regression Potential == Medium. The patches have been in upstream for quite a while now and are baked in but some of the backporting is not completely trivial and without risk. == Test Case == TBD. *** BLURB HERE *** Signed-off-by: Juerg Haefliger <juergh@canonical.com> --- The following changes since commit cefa65a1685282dcbadad7c914d4d8e89428a5eb: UBUNTU: Ubuntu-3.13.0-161.211 (2018-10-03 16:41:43 +0200) are available in the Git repository at: git://git.launchpad.net/~juergh/+git/trusty-linux lp1779848 for you to fetch changes up to 8cccec097d1fb83c610f9dddd47827fb6d3237aa: UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling (2018-10-09 10:46:55 +0200) ---------------------------------------------------------------- Arnd Bergmann (1): x86/pti: Mark constant arrays as __initconst Ben Hutchings (1): xen: Add xen_arch_suspend() Borislav Petkov (2): x86/nospec: Fix header guards names x86/bugs: Drop one "mitigation" from dmesg Dan Carpenter (1): x86/spectre: Fix an error message Dave Hansen (1): x86/Documentation: Add PTI description David Woodhouse (5): x86/cpufeatures: Add AMD feature bits for Speculation Control x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support x86/cpufeatures: Clean up Spectre v2 related CPUID flags x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel x86/speculation: Use IBRS if available before calling into firmware Dou Liyang (1): x86/spectre: Check CONFIG_RETPOLINE in command line parser Ingo Molnar (1): x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP Juerg Haefliger (14): Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" UBUNTU: SAUCE: x86/cpufeatures: Reorder spectre-related feature bits UBUNTU: SAUCE: x86/msr: Fix formatting of msr-index.h UBUNTU: SAUCE: x86/msr: Rename MSR spec control feature bits UBUNTU: SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP UBUNTU: SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS UBUNTU: SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value UBUNTU: SAUCE: Move SSBD feature detection to common code UBUNTU: SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code UBUNTU: SAUCE: x86/speculation: Query individual feature flags when reloading microcode UBUNTU: SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto UBUNTU: SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier() UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling UBUNTU: SAUCE: x86/speculation: Cleanup IBRS runtime control handling Juergen Gross (1): x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend KarimAllah Ahmed (1): x86/spectre: Simplify spectre_v2 command line parsing Tom Lendacky (2): x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC zhenwei.pi (1): x86/pti: Document fix wrong index Documentation/kernel-parameters.txt | 21 ++-- Documentation/x86/pti.txt | 186 +++++++++++++++++++++++++++++++++ arch/x86/include/asm/apm.h | 6 ++ arch/x86/include/asm/cpufeature.h | 31 ++++-- arch/x86/include/asm/efi.h | 7 ++ arch/x86/include/asm/nospec-branch.h | 62 ++++++++++- arch/x86/include/asm/spec_ctrl.h | 13 ++- arch/x86/include/uapi/asm/msr-index.h | 34 +++--- arch/x86/kernel/acpi/cstate.c | 6 +- arch/x86/kernel/cpu/amd.c | 92 ++++++++-------- arch/x86/kernel/cpu/bugs.c | 169 ++++++++++++++++++++---------- arch/x86/kernel/cpu/common.c | 40 ++++++- arch/x86/kernel/cpu/intel.c | 19 ---- arch/x86/kernel/microcode_core.c | 20 ---- arch/x86/kernel/process.c | 11 +- arch/x86/kernel/smpboot.c | 6 +- arch/x86/kvm/svm.c | 11 +- arch/x86/kvm/vmx.c | 3 +- arch/x86/mm/kaiser.c | 7 +- arch/x86/mm/tlb.c | 5 +- arch/x86/xen/suspend.c | 24 +++++ drivers/xen/manage.c | 9 +- include/linux/smp.h | 87 ---------------- include/xen/xen-ops.h | 1 + kernel/smp.c | 46 -------- kernel/sysctl.c | 191 ++++++++++++++++++++-------------- 26 files changed, 672 insertions(+), 435 deletions(-) create mode 100644 Documentation/x86/pti.txt