Message ID | 20190327203058.GA7681@sec |
---|---|
State | New |
Series | [SRU,Bionic,PULL,v2] Update speculation side-channel mitigations |
On 27.03.19 21:31, Tyler Hicks wrote:
> This is a cleaned up (followup patches applied and ACKs gathered) and
> ready-to-pull revision of this thread:
>
>  https://lists.ubuntu.com/archives/kernel-team/2019-March/099462.html
>
> The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:
>
>   UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)
>
> are available in the git repository at:
>
>   https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation-v2
>
> for you to fetch changes up to d8ef5c02ffcf43739ce5eb0048cfd87ffde04aa6:
>
>   x86/speculation: Simplify the CPU bug detection logic (2019-03-27 19:58:24 +0000)
>
> ----------------------------------------------------------------
> Andi Kleen (1):
>       x86/spectre: Add missing family 6 check to microcode check
>
> Andy Lutomirski (1):
>       x86/nmi: Fix NMI uaccess race against CR3 switching
>
> Arnaldo Carvalho de Melo (1):
>       tools headers: Synchronize prctl.h ABI header
>
> Dominik Brodowski (1):
>       x86/speculation: Simplify the CPU bug detection logic
>
> Jim Mattson (1):
>       kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
>
> Jiri Kosina (3):
>       x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
>       x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
>       x86/speculation: Propagate information about RSB filling mitigation to sysfs
>
> Konrad Rzeszutek Wilk (3):
>       x86/bugs: Add AMD's variant of SSB_NO
>       x86/bugs: Add AMD's SPEC_CTRL MSR usage
>       x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
>
> Martin Schwidefsky (1):
>       s390: remove closung punctuation from spectre messages
>
> Peter Zijlstra (Intel) (1):
>       sched/smt: Make sched_smt_present track topology
>
> Thomas Gleixner (22):
>       KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
>       x86/speculation: Rename SSBD update functions
>       x86/Kconfig: Select SCHED_SMT if SMP enabled
>       sched/smt: Expose sched_smt_present static key
>       x86/speculation: Rework SMT state change
>       x86/l1tf: Show actual SMT state
>       x86/speculation: Reorder the spec_v2 code
>       x86/speculation: Mark string arrays const correctly
>       x86/speculataion: Mark command line parser data __initdata
>       x86/speculation: Unify conditional spectre v2 print functions
>       x86/speculation: Add command line control for indirect branch speculation
>       x86/process: Consolidate and simplify switch_to_xtra() code
>       x86/speculation: Avoid __switch_to_xtra() calls
>       x86/speculation: Prepare for conditional IBPB in switch_mm()
>       ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
>       x86/speculation: Split out TIF update
>       x86/speculation: Prevent stale SPEC_CTRL msr content
>       x86/speculation: Prepare arch_smt_update() for PRCTL mode
>       x86/speculation: Add prctl() control for indirect branch speculation
>       x86/speculation: Enable prctl mode for spectre_v2_user
>       x86/speculation: Add seccomp Spectre v2 user space protection mode
>       x86/speculation: Provide IBPB always command line options
>
> Thomas Lendacky (1):
>       x86/speculation: Add support for STIBP always-on preferred mode
>
> Tim Chen (7):
>       x86/speculation: Update the TIF_SSBD comment
>       x86/speculation: Clean up spectre_v2_parse_cmdline()
>       x86/speculation: Remove unnecessary ret variable in cpu_show_common()
>       x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
>       x86/speculation: Disable STIBP when enhanced IBRS is in use
>       x86/speculation: Reorganize speculation control MSRs update
>       x86/speculation: Prepare for per task indirect branch speculation control
>
> Tom Lendacky (2):
>       x86/bugs: Update when to check for the LS_CFG SSBD mitigation
>       x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
>
> WANG Chao (1):
>       x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
>
> Waiman Long (1):
>       x86/speculation: Change misspelled STIPB to STIBP
>
> Zhenzhong Duan (3):
>       x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
>       x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
>       x86/retpoline: Remove minimal retpoline support
>
>  Documentation/admin-guide/kernel-parameters.txt | 56 ++-
>  Documentation/userspace-api/spec_ctrl.rst | 9 +
>  arch/s390/kernel/nospec-branch.c | 4 +-
>  arch/x86/Kconfig | 12 +-
>  arch/x86/Makefile | 5 +-
>  arch/x86/events/core.c | 2 +-
>  arch/x86/include/asm/cpufeatures.h | 3 +
>  arch/x86/include/asm/msr-index.h | 5 +-
>  arch/x86/include/asm/nospec-branch.h | 44 +-
>  arch/x86/include/asm/spec-ctrl.h | 20 +-
>  arch/x86/include/asm/switch_to.h | 3 -
>  arch/x86/include/asm/thread_info.h | 20 +-
>  arch/x86/include/asm/tlbflush.h | 48 ++-
>  arch/x86/kernel/cpu/amd.c | 4 +-
>  arch/x86/kernel/cpu/bugs.c | 528 +++++++++++++++++++-----
>  arch/x86/kernel/cpu/common.c | 31 +-
>  arch/x86/kernel/cpu/intel.c | 3 +
>  arch/x86/kernel/process.c | 101 ++++-
>  arch/x86/kernel/process.h | 39 ++
>  arch/x86/kernel/process_32.c | 10 +-
>  arch/x86/kernel/process_64.c | 10 +-
>  arch/x86/kvm/cpuid.c | 10 +-
>  arch/x86/kvm/svm.c | 36 +-
>  arch/x86/lib/usercopy.c | 5 +
>  arch/x86/mm/tlb.c | 120 ++++--
>  include/linux/compiler-gcc.h | 2 +-
>  include/linux/module.h | 2 +-
>  include/linux/ptrace.h | 4 +-
>  include/linux/sched.h | 9 +
>  include/linux/sched/smt.h | 20 +
>  include/uapi/linux/prctl.h | 1 +
>  kernel/cpu.c | 14 +-
>  kernel/sched/core.c | 19 +-
>  kernel/sched/sched.h | 4 +-
>  scripts/Makefile.build | 2 -
>  scripts/mod/modpost.c | 2 +-
>  tools/include/uapi/linux/prctl.h | 13 +
>  37 files changed, 962 insertions(+), 258 deletions(-)
>  create mode 100644 arch/x86/kernel/process.h
>  create mode 100644 include/linux/sched/smt.h
>

Repeating ack (should be included in pull)

Acked-by: Stefan Bader <stefan.bader@canonical.com>

Thanks for pre-applying the ACKs :)

On 2019-03-27 20:31:02, Tyler Hicks wrote:
> This is a cleaned up (followup patches applied and ACKs gathered) and
> ready-to-pull revision of this thread:
>
>  https://lists.ubuntu.com/archives/kernel-team/2019-March/099462.html
>
> The following changes since commit 53f4f4b0576f627345fb3769fdd6d20b6249dd91:
>
>   UBUNTU: Ubuntu-4.15.0-47.50 (2019-03-13 04:37:50 +0000)
>
> are available in the git repository at:
>
>   https://git.launchpad.net/~tyhicks/ubuntu/+source/linux/+git/bionic speculation-v2
>
> for you to fetch changes up to d8ef5c02ffcf43739ce5eb0048cfd87ffde04aa6:
>
>   x86/speculation: Simplify the CPU bug detection logic (2019-03-27 19:58:24 +0000)
>
> ----------------------------------------------------------------
> Andi Kleen (1):
>       x86/spectre: Add missing family 6 check to microcode check
>
> Andy Lutomirski (1):
>       x86/nmi: Fix NMI uaccess race against CR3 switching
>
> Arnaldo Carvalho de Melo (1):
>       tools headers: Synchronize prctl.h ABI header
>
> Dominik Brodowski (1):
>       x86/speculation: Simplify the CPU bug detection logic
>
> Jim Mattson (1):
>       kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
>
> Jiri Kosina (3):
>       x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
>       x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
>       x86/speculation: Propagate information about RSB filling mitigation to sysfs
>
> Konrad Rzeszutek Wilk (3):
>       x86/bugs: Add AMD's variant of SSB_NO
>       x86/bugs: Add AMD's SPEC_CTRL MSR usage
>       x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
>
> Martin Schwidefsky (1):
>       s390: remove closung punctuation from spectre messages
>
> Peter Zijlstra (Intel) (1):
>       sched/smt: Make sched_smt_present track topology
>
> Thomas Gleixner (22):
>       KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
>       x86/speculation: Rename SSBD update functions
>       x86/Kconfig: Select SCHED_SMT if SMP enabled
>       sched/smt: Expose sched_smt_present static key
>       x86/speculation: Rework SMT state change
>       x86/l1tf: Show actual SMT state
>       x86/speculation: Reorder the spec_v2 code
>       x86/speculation: Mark string arrays const correctly
>       x86/speculataion: Mark command line parser data __initdata
>       x86/speculation: Unify conditional spectre v2 print functions
>       x86/speculation: Add command line control for indirect branch speculation
>       x86/process: Consolidate and simplify switch_to_xtra() code
>       x86/speculation: Avoid __switch_to_xtra() calls
>       x86/speculation: Prepare for conditional IBPB in switch_mm()
>       ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
>       x86/speculation: Split out TIF update
>       x86/speculation: Prevent stale SPEC_CTRL msr content
>       x86/speculation: Prepare arch_smt_update() for PRCTL mode
>       x86/speculation: Add prctl() control for indirect branch speculation
>       x86/speculation: Enable prctl mode for spectre_v2_user
>       x86/speculation: Add seccomp Spectre v2 user space protection mode
>       x86/speculation: Provide IBPB always command line options
>
> Thomas Lendacky (1):
>       x86/speculation: Add support for STIBP always-on preferred mode
>
> Tim Chen (7):
>       x86/speculation: Update the TIF_SSBD comment
>       x86/speculation: Clean up spectre_v2_parse_cmdline()
>       x86/speculation: Remove unnecessary ret variable in cpu_show_common()
>       x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
>       x86/speculation: Disable STIBP when enhanced IBRS is in use
>       x86/speculation: Reorganize speculation control MSRs update
>       x86/speculation: Prepare for per task indirect branch speculation control
>
> Tom Lendacky (2):
>       x86/bugs: Update when to check for the LS_CFG SSBD mitigation
>       x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
>
> WANG Chao (1):
>       x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
>
> Waiman Long (1):
>       x86/speculation: Change misspelled STIPB to STIBP
>
> Zhenzhong Duan (3):
>       x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
>       x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
>       x86/retpoline: Remove minimal retpoline support
>
>  Documentation/admin-guide/kernel-parameters.txt | 56 ++-
>  Documentation/userspace-api/spec_ctrl.rst | 9 +
>  arch/s390/kernel/nospec-branch.c | 4 +-
>  arch/x86/Kconfig | 12 +-
>  arch/x86/Makefile | 5 +-
>  arch/x86/events/core.c | 2 +-
>  arch/x86/include/asm/cpufeatures.h | 3 +
>  arch/x86/include/asm/msr-index.h | 5 +-
>  arch/x86/include/asm/nospec-branch.h | 44 +-
>  arch/x86/include/asm/spec-ctrl.h | 20 +-
>  arch/x86/include/asm/switch_to.h | 3 -
>  arch/x86/include/asm/thread_info.h | 20 +-
>  arch/x86/include/asm/tlbflush.h | 48 ++-
>  arch/x86/kernel/cpu/amd.c | 4 +-
>  arch/x86/kernel/cpu/bugs.c | 528 +++++++++++++++++++-----
>  arch/x86/kernel/cpu/common.c | 31 +-
>  arch/x86/kernel/cpu/intel.c | 3 +
>  arch/x86/kernel/process.c | 101 ++++-
>  arch/x86/kernel/process.h | 39 ++
>  arch/x86/kernel/process_32.c | 10 +-
>  arch/x86/kernel/process_64.c | 10 +-
>  arch/x86/kvm/cpuid.c | 10 +-
>  arch/x86/kvm/svm.c | 36 +-
>  arch/x86/lib/usercopy.c | 5 +
>  arch/x86/mm/tlb.c | 120 ++++--
>  include/linux/compiler-gcc.h | 2 +-
>  include/linux/module.h | 2 +-
>  include/linux/ptrace.h | 4 +-
>  include/linux/sched.h | 9 +
>  include/linux/sched/smt.h | 20 +
>  include/uapi/linux/prctl.h | 1 +
>  kernel/cpu.c | 14 +-
>  kernel/sched/core.c | 19 +-
>  kernel/sched/sched.h | 4 +-
>  scripts/Makefile.build | 2 -
>  scripts/mod/modpost.c | 2 +-
>  tools/include/uapi/linux/prctl.h | 13 +
>  37 files changed, 962 insertions(+), 258 deletions(-)
>  create mode 100644 arch/x86/kernel/process.h
>  create mode 100644 include/linux/sched/smt.h