From patchwork Fri Apr 12 19:23:25 2024
From: Yuxuan Luo
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Mantic][PATCH 0/2] CVE-2024-2201
Date: Fri, 12 Apr 2024 15:23:25 -0400
Message-Id: <20240412192327.89307-1-yuxuan.luo@canonical.com>

[Impact]
Native BHI attack, a Spectre v2 variant, allows local unprivileged attackers to obtain kernel memory information without the help of unprivileged eBPF, negating the previous belief that unprivileged eBPF is the only real-world source of such an attack. This vulnerability affects KVM as well.

[Backport]
There is a conflict in reverse_cpuid.h due to the lack of commit 80c883db87d9 ("KVM: x86: Use a switch statement and macros in __feature_translate()"). That commit solves the conflict, but since it is only a refactor and RRSBA_CTRL is not in the tree, ignoring this commit and manually solving the conflict is doable as well.

[Test]
Compiled only.

[Where things could go wrong]
This patch is mostly about enabling CPU features and reducing the exposed branch history; therefore, the system being able to boot and run should indicate that it does not introduce any regression.

For KVM, the most significant impact is the performance regression due to system call substitution, since branch prediction probably won't perform as fast as in the previous version for users who do not care about the mitigation.

Linus Torvalds (1):
  Merge tag 'nativebhi' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Yuxuan Luo (1):
  UBUNTU: [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON}

 Documentation/admin-guide/hw-vuln/spectre.rst |  48 ++++++-
 .../admin-guide/kernel-parameters.txt         |  12 ++
 arch/x86/Kconfig                              |  26 ++++
 arch/x86/entry/common.c                       |  10 +-
 arch/x86/entry/entry_64.S                     |  61 +++++++++
 arch/x86/entry/entry_64_compat.S              |  16 +++
 arch/x86/entry/syscall_32.c                   |  21 ++-
 arch/x86/entry/syscall_64.c                   |  19 ++-
 arch/x86/entry/syscall_x32.c                  |  10 +-
 arch/x86/include/asm/cpufeatures.h            |  12 ++
 arch/x86/include/asm/msr-index.h              |   9 +-
 arch/x86/include/asm/nospec-branch.h          |  17 +++
 arch/x86/include/asm/syscall.h                |  11 +-
 arch/x86/kernel/cpu/bugs.c                    | 121 ++++++++++++++++--
 arch/x86/kernel/cpu/common.c                  |  24 ++--
 arch/x86/kernel/cpu/scattered.c               |   1 +
 arch/x86/kvm/reverse_cpuid.h                  |   5 +
 arch/x86/kvm/vmx/vmenter.S                    |   2 +
 arch/x86/kvm/x86.c                            |   3 +-
 debian.master/config/annotations              |   2 +
 20 files changed, 383 insertions(+), 47 deletions(-)
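A verification check for the [Test] and [Where things could go wrong] sections above, added here as example code that is not part of this submission: "compiled only" and "the system boots" do not tell an administrator whether the BHI mitigation is actually active on a given machine. The script below classifies the BHI field of the spectre_v2 sysfs entry, reports which of the CONFIG_BHI_{AUTO|OFF|ON} options the installed kernel config selects, and reads the boot-time override. All inputs are passed as strings so it runs offline; the sample sysfs, config and command-line values are constructed, and the exact "BHI: ..." wording and the spectre_bhi= parameter name are assumptions taken from the upstream documentation, not from this cover letter.

```shell
#!/bin/sh
# Added example (not part of the patch submission): post-install checks for the
# BHI mitigation. The sample inputs below are constructed; the "BHI: ..." sysfs
# wording and the spectre_bhi= parameter name are assumptions from upstream docs.

# Classify the BHI part of the spectre_v2 sysfs line.
# Prints: not-affected | mitigated | vulnerable | unknown
# "unknown" means the kernel reports no BHI field at all, i.e. it predates the fix.
bhi_state() {
    line=$1
    case "$line" in
        "Not affected") echo not-affected; return 0 ;;   # CPU not affected by Spectre v2 at all
        *"BHI: "*)      ;;
        *)              echo unknown;      return 0 ;;
    esac
    field=${line##*BHI: }          # text after the last "BHI: "
    case "$field" in
        "Not affected"*) echo not-affected ;;
        Vulnerable*)     echo vulnerable ;;   # includes "Vulnerable (Syscall hardening enabled)"
        *)               echo mitigated ;;    # e.g. BHI_DIS_S, SW loop, Retpoline
    esac
}

# Report which CONFIG_BHI_* choice a kernel config selects (the three options the
# updateconfigs commit in this series touches). Prints: AUTO | ON | OFF | unset
bhi_config() {
    cfg=$1
    for opt in AUTO ON OFF; do
        case "$cfg" in
            *"CONFIG_BHI_$opt=y"*) echo "$opt"; return 0 ;;
        esac
    done
    echo unset
}

# Extract the spectre_bhi= boot parameter value from a kernel command line,
# or "default" if it was not given (assumed parameter name, see above).
bhi_cmdline() {
    for word in $1; do
        case "$word" in
            spectre_bhi=*) echo "${word#spectre_bhi=}"; return 0 ;;
        esac
    done
    echo default
}

# Constructed sample inputs (not output from the author's test system).
SAMPLE_MITIGATED='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'
SAMPLE_SWLOOP='Mitigation: Retpolines; IBPB: conditional; STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: SW loop, KVM: SW loop'
SAMPLE_VULN='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable (Syscall hardening enabled)'
SAMPLE_PRE_FIX='Mitigation: Retpolines; IBPB: conditional; STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected'
SAMPLE_CFG='CONFIG_BHI_AUTO=y
# CONFIG_BHI_ON is not set
# CONFIG_BHI_OFF is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro spectre_bhi=on quiet'

# Live check when run on a real system (skipped where /sys or /proc is unavailable).
SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$SYSFS" ]; then
    live=$(cat "$SYSFS")
    echo "spectre_v2:  $live"
    echo "BHI state:   $(bhi_state "$live")"
fi
if [ -r /proc/cmdline ]; then
    echo "spectre_bhi: $(bhi_cmdline "$(cat /proc/cmdline)")"
fi
```

On a patched Mantic kernel the live section should print a BHI state of mitigated (or not-affected on hardware that does not need it); "unknown" means the running kernel does not carry this series at all, and "vulnerable" means it does but the mitigation was turned off, which is exactly the case to look for when a user has traded the KVM performance regression for reduced protection.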