Message ID | 20240412192327.89307-1-yuxuan.luo@canonical.com |
---|---|
Series | CVE-2024-2201 |

On 12.04.24 21:23, Yuxuan Luo wrote:
> [Impact]
> Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
> obtain kernel memory information without the help of unprivileged eBPF, negating
> to the previous belief that unprivileged eBPF is the only real-world source of
> such an attack. Also, this vulnerability affects KVM as well.
>
> [Backport]
> There is a conflict in reverse_cpuid.h due to lack of 80c883db87d9 (“KVM: x86:
> Use a switch statement and macros in __feature_translate()”) commit. This commit
> solves the conflict, but since this one is but a refactor and RRSBA_CTRL is not
> in the tree, ignore this commit and manually solve the conflict is doable as
> well.
>
> [Test]
> Compiled only.
>
> [Where things could go wrong]
> This patch is more about enabling CPU features and reducing branch history
> exposed, therefore, that the system is able to boot and run should denote that
> it is not introducing any regression.
>
> For KVM, the most significant impact is the performance regression due to system
> call substitution since branch prediction probably won't perform as fast as the
> previous version for users who do not care about the mitigation.
>
> Linus Torvalds (1):
>   Merge tag 'nativebhi' of
>     git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
>
> Yuxuan Luo (1):
>   UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON}
>
>  Documentation/admin-guide/hw-vuln/spectre.rst |  48 ++++++-
>  .../admin-guide/kernel-parameters.txt         |  12 ++
>  arch/x86/Kconfig                              |  26 ++++
>  arch/x86/entry/common.c                       |  10 +-
>  arch/x86/entry/entry_64.S                     |  61 +++++++++
>  arch/x86/entry/entry_64_compat.S              |  16 +++
>  arch/x86/entry/syscall_32.c                   |  21 ++-
>  arch/x86/entry/syscall_64.c                   |  19 ++-
>  arch/x86/entry/syscall_x32.c                  |  10 +-
>  arch/x86/include/asm/cpufeatures.h            |  12 ++
>  arch/x86/include/asm/msr-index.h              |   9 +-
>  arch/x86/include/asm/nospec-branch.h          |  17 +++
>  arch/x86/include/asm/syscall.h                |  11 +-
>  arch/x86/kernel/cpu/bugs.c                    | 121 ++++++++++++++++--
>  arch/x86/kernel/cpu/common.c                  |  24 ++--
>  arch/x86/kernel/cpu/scattered.c               |   1 +
>  arch/x86/kvm/reverse_cpuid.h                  |   5 +
>  arch/x86/kvm/vmx/vmenter.S                    |   2 +
>  arch/x86/kvm/x86.c                            |   3 +-
>  debian.master/config/annotations              |   2 +
>  20 files changed, 383 insertions(+), 47 deletions(-)
>

Rejected for the following reasons:

I don't think we can do this that way. It loses all history of the patches
included.

-Stefan