[SRU,artful] LP#1747507 starting KVM instances hangs box

Message ID 20180206163114.GA11190@brain
State New
Headers show
Series
  • [SRU,artful] LP#1747507 starting KVM instances hangs box
Related show

Pull-request

https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-retpoline-intelv1--pull2

Message

Andy Whitcroft Feb. 6, 2018, 4:31 p.m.
We have early reports of failures when attempting to start KVM VMs on
machines running the retpoline based kernels.  This is triggered by
a flaw in the RSB stuffing code retpoline introduces.  This pull request
pulls in 5 upstream commits (all from the stable 4.14 branch) which
correct this code.

With these applied I am again able to start VMs.

Proposing to add to artful linux where the retpoline patches are
applied.

-apw

The following changes since commit bc3391e235def1ebcded0952bd4418ee2429bedc:

  UBUNTU: [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y (2018-02-05 18:23:06 +0100)

are available in the Git repository at:

  https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-retpoline-intelv1--pull2

for you to fetch changes up to c95f498604801249575313ee5007c378208b2659:

  x86/retpoline: Simplify vmexit_fill_RSB() (2018-02-06 16:23:56 +0000)

----------------------------------------------------------------
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
    (Spectre v2 retpoline)
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - x86/retpoline: Remove the esp/rsp thunk
    - x86/retpoline: Simplify vmexit_fill_RSB()

Comments

Kleber Souza Feb. 6, 2018, 5:01 p.m. | #1
On 02/06/18 17:31, Andy Whitcroft wrote:
> We have early reports of failures when attempting to start KVM VMs on
> machines running the retpoline based kernels.  This is triggered by
> a flaw in the RSB stuffing code retpoline introduces.  This pull request
> pulls in 5 upstream commits (all from the stable 4.14 branch) which
> correct this code.
> 
> With these applied I am again able to start VMs.
> 
> Proposing to add to artful linux where the retpoline patches are
> applied.
> 
> -apw
> 
> The following changes since commit bc3391e235def1ebcded0952bd4418ee2429bedc:
> 
>   UBUNTU: [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y (2018-02-05 18:23:06 +0100)
> 
> are available in the Git repository at:
> 
>   https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-retpoline-intelv1--pull2
> 
> for you to fetch changes up to c95f498604801249575313ee5007c378208b2659:
> 
>   x86/retpoline: Simplify vmexit_fill_RSB() (2018-02-06 16:23:56 +0000)
> 
> ----------------------------------------------------------------
>   * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
>     (Spectre v2 retpoline)
>     - x86/retpoline: Fill RSB on context switch for affected CPUs
>     - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
>     - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
>     - x86/retpoline: Remove the esp/rsp thunk
>     - x86/retpoline: Simplify vmexit_fill_RSB()
> 

Applied to artful/master-next branch.

Thanks,
Kleber