From patchwork Tue Feb 6 16:31:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Whitcroft X-Patchwork-Id: 869880 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3zbVMl6h56z9sNx; Wed, 7 Feb 2018 03:31:31 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ej69M-0003dw-81; Tue, 06 Feb 2018 16:31:16 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1ej69L-0003dp-Fb for kernel-team@lists.ubuntu.com; Tue, 06 Feb 2018 16:31:15 +0000 Received: from 1.general.apw.uk.vpn ([10.172.192.78] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1ej69L-0001xy-71 for kernel-team@lists.ubuntu.com; Tue, 06 Feb 2018 16:31:15 +0000 Date: Tue, 6 Feb 2018 16:31:14 +0000 From: Andy Whitcroft To: Ubuntu Kernel Team Subject: [SRU artful] LP#1747507 starting KVM instances hangs box Message-ID: <20180206163114.GA11190@brain> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.9.3 (2018-01-21) X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" We have early reports of failures when attempting to start KVM VMs on machines running the retpoline based kernels. This is triggered by a flaw in the RSB stuffing code retpoline introduces. This pull request pulls in 5 upstream commits (all from the stable 4.14 branch) which correct this code. With these applied I am again able to start VMs. Proposing to add to artful linux where the retpoline patches are applied. -apw The following changes since commit bc3391e235def1ebcded0952bd4418ee2429bedc: UBUNTU: [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y (2018-02-05 18:23:06 +0100) are available in the Git repository at: https://git.launchpad.net/~apw/ubuntu/+source/linux/+git/pti pti/artful-retpoline-intelv1--pull2 for you to fetch changes up to c95f498604801249575313ee5007c378208b2659: x86/retpoline: Simplify vmexit_fill_RSB() (2018-02-06 16:23:56 +0000) ---------------------------------------------------------------- * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715 (Spectre v2 retpoline) - x86/retpoline: Fill RSB on context switch for affected CPUs - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - x86/retpoline: Remove the esp/rsp thunk - x86/retpoline: Simplify vmexit_fill_RSB()