| Message ID | 20221027204801.13146-1-surajjs@amazon.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Retbleed & PBRSB Mitigations | expand |
On Thu, Oct 27, 2022 at 01:48:01PM -0700, Suraj Jitindar Singh wrote: > This backport adds support for Retbleed and PBRSB mitigations for Intel parts. > > Some AMD parts are added to simplify context however support for IBPB or UNRET > is not included in this series. The reporting of whether a cpu is affected > should be correct however. > > Most patches applied cleanly or required only context changes, the major > difference between this series and upstream is the fact that the kvm entry > path is in inline asm in the 4.14 tree and so this had to be accommodated > in patches: > - x86/speculation: Fill RSB on vmexit for IBRS > - x86/speculation: Add RSB VM Exit protections > > This series is unsurprisingly very similar to that for the 5.4 backport [1]. > > Boot tested on a variety of Intel and AMD systems. > > Tested correct reporting of vulnerabilities and mitigation selection on Skylake, > Cascade Lake, Ice Lake and Zen3 parts. > > [1] https://lore.kernel.org/stable/20221003131038.12645-1-cascardo@canonical.com/ Note, you forgot to sign off on a lot of these patches. Whenever you submit a patch, you need to also do that as the patch came through you. I've queued these up now, and will go do a 4.14.y-rc release with just these in it to get some testing separate from other changes. thanks, greg k-h
This backport adds support for Retbleed and PBRSB mitigations for Intel parts. Some AMD parts are added to simplify context however support for IBPB or UNRET is not included in this series. The reporting of whether a cpu is affected should be correct however. Most patches applied cleanly or required only context changes, the major difference between this series and upstream is the fact that the kvm entry path is in inline asm in the 4.14 tree and so this had to be accommodated in patches: - x86/speculation: Fill RSB on vmexit for IBRS - x86/speculation: Add RSB VM Exit protections This series is unsurprisingly very similar to that for the 5.4 backport [1]. Boot tested on a variety of Intel and AMD systems. Tested correct reporting of vulnerabilities and mitigation selection on Skylake, Cascade Lake, Ice Lake and Zen3 parts. [1] https://lore.kernel.org/stable/20221003131038.12645-1-cascardo@canonical.com/ Alexandre Chartre (2): x86/bugs: Report AMD retbleed vulnerability x86/bugs: Add AMD retbleed= boot parameter Andrew Cooper (1): x86/cpu/amd: Enumerate BTC_NO Daniel Sneddon (1): x86/speculation: Add RSB VM Exit protections Ingo Molnar (1): x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header Josh Poimboeuf (8): x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n x86/speculation: Fix firmware entry SPEC_CTRL handling x86/speculation: Fix SPEC_CTRL write on SMT state change x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit x86/speculation: Remove x86_spec_ctrl_mask KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS KVM: VMX: Fix IBRS handling after vmexit x86/speculation: Fill RSB on vmexit for IBRS Kan Liang (1): x86/cpufeature: Add facility to check for min microcode revisions Mark Gross (1): x86/cpu: Add a steppings field to struct x86_cpu_id Nathan Chancellor (1): x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current Pawan Gupta (5): x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS x86/speculation: Add LFENCE to RSB fill sequence x86/bugs: Add Cannon lake to RETBleed affected CPU list x86/speculation: Disable RRSBA behavior x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Peter Zijlstra (9): x86/entry: Remove skip_r11rcx x86/cpufeatures: Move RETPOLINE flags to word 11 x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value x86/bugs: Optimize SPEC_CTRL MSR writes x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() x86/bugs: Report Intel retbleed vulnerability entel_idle: Disable IBRS during long idle x86/speculation: Change FILL_RETURN_BUFFER to work with objtool x86/common: Stamp out the stepping madness Suraj Jitindar Singh (1): Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" Thadeu Lima de Souza Cascardo (1): x86/entry: Add kernel IBRS implementation Thomas Gleixner (2): x86/devicetable: Move x86 specific macro out of generic code x86/cpu: Add consistent CPU match macros Documentation/admin-guide/hw-vuln/spectre.rst | 8 + .../admin-guide/kernel-parameters.txt | 13 + arch/x86/entry/calling.h | 68 ++- arch/x86/entry/entry_32.S | 2 - arch/x86/entry/entry_64.S | 38 +- arch/x86/entry/entry_64_compat.S | 12 +- arch/x86/include/asm/cpu_device_id.h | 168 ++++++- arch/x86/include/asm/cpufeatures.h | 16 +- arch/x86/include/asm/intel-family.h | 6 + arch/x86/include/asm/msr-index.h | 14 + arch/x86/include/asm/nospec-branch.h | 48 +- arch/x86/kernel/cpu/amd.c | 21 +- arch/x86/kernel/cpu/bugs.c | 415 +++++++++++++++--- arch/x86/kernel/cpu/common.c | 68 ++- arch/x86/kernel/cpu/match.c | 44 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/process.c | 2 +- arch/x86/kvm/svm.c | 1 + arch/x86/kvm/vmx.c | 51 ++- drivers/base/cpu.c | 8 + drivers/cpufreq/acpi-cpufreq.c | 1 + drivers/cpufreq/amd_freq_sensitivity.c | 1 + drivers/idle/intel_idle.c | 45 +- include/linux/cpu.h | 2 + include/linux/mod_devicetable.h | 4 +- tools/arch/x86/include/asm/cpufeatures.h | 1 + 26 files changed, 897 insertions(+), 161 deletions(-)