[SRU,Mantic,0/2] CVE-2024-2201

Message ID 20240412192327.89307-1-yuxuan.luo@canonical.com

Message

Yuxuan Luo April 12, 2024, 7:23 p.m. UTC
[Impact]
Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
obtain kernel memory information without the help of unprivileged eBPF, negating
the previous belief that unprivileged eBPF is the only real-world source of
such an attack. This vulnerability also affects KVM.

[Backport]
There is a conflict in reverse_cpuid.h due to the lack of commit 80c883db87d9 (“KVM: x86:
Use a switch statement and macros in __feature_translate()”). That commit
solves the conflict, but since it is but a refactor and RRSBA_CTRL is not
in the tree, ignoring it and manually solving the conflict is doable as
well.

[Test]
Compiled only.

[Where things could go wrong]
This patch is more about enabling CPU features and reducing the branch history
exposed; therefore, the system being able to boot and run should indicate that
it is not introducing any regression.

For KVM, the most significant impact is the performance regression due to system
call substitution since branch prediction probably won't perform as fast as the
previous version for users who do not care about the mitigation.

Linus Torvalds (1):
  Merge tag 'nativebhi' of
    git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Yuxuan Luo (1):
  UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON}

 Documentation/admin-guide/hw-vuln/spectre.rst |  48 ++++++-
 .../admin-guide/kernel-parameters.txt         |  12 ++
 arch/x86/Kconfig                              |  26 ++++
 arch/x86/entry/common.c                       |  10 +-
 arch/x86/entry/entry_64.S                     |  61 +++++++++
 arch/x86/entry/entry_64_compat.S              |  16 +++
 arch/x86/entry/syscall_32.c                   |  21 ++-
 arch/x86/entry/syscall_64.c                   |  19 ++-
 arch/x86/entry/syscall_x32.c                  |  10 +-
 arch/x86/include/asm/cpufeatures.h            |  12 ++
 arch/x86/include/asm/msr-index.h              |   9 +-
 arch/x86/include/asm/nospec-branch.h          |  17 +++
 arch/x86/include/asm/syscall.h                |  11 +-
 arch/x86/kernel/cpu/bugs.c                    | 121 ++++++++++++++++--
 arch/x86/kernel/cpu/common.c                  |  24 ++--
 arch/x86/kernel/cpu/scattered.c               |   1 +
 arch/x86/kvm/reverse_cpuid.h                  |   5 +
 arch/x86/kvm/vmx/vmenter.S                    |   2 +
 arch/x86/kvm/x86.c                            |   3 +-
 debian.master/config/annotations              |   2 +
 20 files changed, 383 insertions(+), 47 deletions(-)

Comments

Stefan Bader April 15, 2024, 8:19 a.m. UTC | #1
On 12.04.24 21:23, Yuxuan Luo wrote:
> [Impact]
> Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to
> obtain kernel memory information without the help of unprivileged eBPF, negating
> the previous belief that unprivileged eBPF is the only real-world source of
> such an attack. This vulnerability also affects KVM.
> 
> [Backport]
> There is a conflict in reverse_cpuid.h due to the lack of commit 80c883db87d9 (“KVM: x86:
> Use a switch statement and macros in __feature_translate()”). That commit
> solves the conflict, but since it is but a refactor and RRSBA_CTRL is not
> in the tree, ignoring it and manually solving the conflict is doable as
> well.
> 
> [Test]
> Compiled only.
> 
> [Where things could go wrong]
> This patch is more about enabling CPU features and reducing the branch history
> exposed; therefore, the system being able to boot and run should indicate that
> it is not introducing any regression.
> 
> For KVM, the most significant impact is the performance regression due to system
> call substitution since branch prediction probably won't perform as fast as the
> previous version for users who do not care about the mitigation.
> 
> Linus Torvalds (1):
>    Merge tag 'nativebhi' of
>      git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
> 
> Yuxuan Luo (1):
>    UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON}
> 
>   Documentation/admin-guide/hw-vuln/spectre.rst |  48 ++++++-
>   .../admin-guide/kernel-parameters.txt         |  12 ++
>   arch/x86/Kconfig                              |  26 ++++
>   arch/x86/entry/common.c                       |  10 +-
>   arch/x86/entry/entry_64.S                     |  61 +++++++++
>   arch/x86/entry/entry_64_compat.S              |  16 +++
>   arch/x86/entry/syscall_32.c                   |  21 ++-
>   arch/x86/entry/syscall_64.c                   |  19 ++-
>   arch/x86/entry/syscall_x32.c                  |  10 +-
>   arch/x86/include/asm/cpufeatures.h            |  12 ++
>   arch/x86/include/asm/msr-index.h              |   9 +-
>   arch/x86/include/asm/nospec-branch.h          |  17 +++
>   arch/x86/include/asm/syscall.h                |  11 +-
>   arch/x86/kernel/cpu/bugs.c                    | 121 ++++++++++++++++--
>   arch/x86/kernel/cpu/common.c                  |  24 ++--
>   arch/x86/kernel/cpu/scattered.c               |   1 +
>   arch/x86/kvm/reverse_cpuid.h                  |   5 +
>   arch/x86/kvm/vmx/vmenter.S                    |   2 +
>   arch/x86/kvm/x86.c                            |   3 +-
>   debian.master/config/annotations              |   2 +
>   20 files changed, 383 insertions(+), 47 deletions(-)
> 

Rejected for the following reasons:
I don't think we can do this that way. It loses all history of the
patches included.

-Stefan