[4.19,00/34] Intel RETBleed mitigations for 4.19.

Message ID 20221117091952.1940850-1-suleiman@google.com (mailing list archive)

Message

Suleiman Souhlal Nov. 17, 2022, 9:19 a.m. UTC
This series backports the mitigations for RETBleed for Intel CPUs to
the 4.19 kernel.

It's based on the 5.4 [1] and 4.14 [2] backports.

Tested on Skylake Chromebook.

[1] https://lore.kernel.org/stable/20221003131038.12645-1-cascardo@canonical.com/
[2] https://lore.kernel.org/kvm/20221027204801.13146-1-surajjs@amazon.com/

Alexandre Chartre (2):
  x86/bugs: Report AMD retbleed vulnerability
  x86/bugs: Add AMD retbleed= boot parameter

Andrew Cooper (1):
  x86/cpu/amd: Enumerate BTC_NO

Daniel Sneddon (1):
  x86/speculation: Add RSB VM Exit protections

Ingo Molnar (1):
  x86/cpufeature: Fix various quality problems in the
    <asm/cpu_device_hd.h> header

Josh Poimboeuf (8):
  x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
  x86/speculation: Fix firmware entry SPEC_CTRL handling
  x86/speculation: Fix SPEC_CTRL write on SMT state change
  x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
  x86/speculation: Remove x86_spec_ctrl_mask
  KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  KVM: VMX: Fix IBRS handling after vmexit
  x86/speculation: Fill RSB on vmexit for IBRS

Kan Liang (1):
  x86/cpufeature: Add facility to check for min microcode revisions

Mark Gross (1):
  x86/cpu: Add a steppings field to struct x86_cpu_id

Nathan Chancellor (1):
  x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current

Pawan Gupta (4):
  x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
  x86/bugs: Add Cannon lake to RETBleed affected CPU list
  x86/speculation: Disable RRSBA behavior
  x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS
    parts

Peter Zijlstra (10):
  x86/cpufeatures: Move RETPOLINE flags to word 11
  x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
  x86/entry: Remove skip_r11rcx
  x86/entry: Add kernel IBRS implementation
  x86/bugs: Optimize SPEC_CTRL MSR writes
  x86/bugs: Split spectre_v2_select_mitigation() and
    spectre_v2_user_select_mitigation()
  x86/bugs: Report Intel retbleed vulnerability
  intel_idle: Disable IBRS during long idle
  x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  x86/common: Stamp out the stepping madness

Suleiman Souhlal (2):
  Revert "x86/speculation: Add RSB VM Exit protections"
  Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"

Thomas Gleixner (2):
  x86/devicetable: Move x86 specific macro out of generic code
  x86/cpu: Add consistent CPU match macros

 .../admin-guide/kernel-parameters.txt         |  13 +
 arch/x86/entry/calling.h                      |  68 +++-
 arch/x86/entry/entry_32.S                     |   2 -
 arch/x86/entry/entry_64.S                     |  34 +-
 arch/x86/entry/entry_64_compat.S              |  11 +-
 arch/x86/include/asm/cpu_device_id.h          | 168 +++++++-
 arch/x86/include/asm/cpufeatures.h            |  18 +-
 arch/x86/include/asm/intel-family.h           |   6 +
 arch/x86/include/asm/msr-index.h              |  10 +
 arch/x86/include/asm/nospec-branch.h          |  53 ++-
 arch/x86/kernel/cpu/amd.c                     |  21 +-
 arch/x86/kernel/cpu/bugs.c                    | 368 ++++++++++++++----
 arch/x86/kernel/cpu/common.c                  |  60 +--
 arch/x86/kernel/cpu/match.c                   |  44 ++-
 arch/x86/kernel/cpu/scattered.c               |   1 +
 arch/x86/kernel/process.c                     |   2 +-
 arch/x86/kvm/svm.c                            |   1 +
 arch/x86/kvm/vmx.c                            |  53 ++-
 arch/x86/kvm/x86.c                            |   4 +-
 drivers/base/cpu.c                            |   8 +
 drivers/cpufreq/acpi-cpufreq.c                |   1 +
 drivers/cpufreq/amd_freq_sensitivity.c        |   1 +
 drivers/idle/intel_idle.c                     |  43 +-
 include/linux/cpu.h                           |   2 +
 include/linux/kvm_host.h                      |   2 +-
 include/linux/mod_devicetable.h               |   4 +-
 tools/arch/x86/include/asm/cpufeatures.h      |   1 +
 27 files changed, 813 insertions(+), 186 deletions(-)

Comments

Greg KH Nov. 21, 2022, 12:26 p.m. UTC | #1
On Thu, Nov 17, 2022 at 06:19:18PM +0900, Suleiman Souhlal wrote:
> This series backports the mitigations for RETBleed for Intel CPUs to
> the 4.19 kernel.
> 
> It's based on the 5.4 [1] and 4.14 [2] backports.
> 
> Tested on Skylake Chromebook.

Very nice, thank you!

All now queued up.

greg k-h