lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Mar 2018 23:19:39 +0000
From:   Ben Hutchings <ben.hutchings@...ethink.co.uk>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jerry Hoemann <jerry.hoemann@....com>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Arnd Bergmann <arnd@...db.de>,
        Guenter Roeck <linux@...ck-us.net>,
        Wim Van Sebroeck <wim@...ana.be>
Subject: Re: [PATCH 4.4 29/63] watchdog: hpwdt: fix unused variable warning

On Sun, 2018-03-18 at 11:14 +0100, Greg Kroah-Hartman wrote:
> On Fri, Mar 16, 2018 at 04:55:37PM -0600, Jerry Hoemann wrote:
> > 
> > Greg,
> > 
> > Sorry, if I'm missing something, but I see 3 patches for
> > hpwdt queued up for 4.4:
> > 
> > 	queue-4.4/watchdog-hpwdt-fix-unused-variable-warning.patch
> > 	queue-4.4/watchdog-hpwdt-smbios-check.patch
> > 	queue-4.4/watchdog-hpwdt-check-source-of-nmi.patch
> > 
> > 
> > Shouldn't there also be a 4.4 patch for
> > 
> > 	commit 2b3d89b402b085b08498e896c65267a145bed486
> > 	watchdog: hpwdt: Remove legacy NMI sourcing.
> > 
> > As there was for 4.15, 4.14, and 4.9?
> 
> It does not apply to the 4.4.y kernel branch.  If you feel it should be
> there, please provide a working backport.
> 
> > commit 2b3d89b40 is the Spectre related patch.
> 
> If you look closely, not many Spectre-related patches are merged into
> 4.4.y as no one has taken the time to do the backporting.  I thought
> someone was working on this, but odds are they just moved to 4.9.y or
> 4.14.y as everyone really should if they care about these issues with
> their platforms.
> 
> So if you care about Spectre, I strongly recommend using 4.14.y or
> newer.

I think you have most of the Spectre stuff aside from microcode
supported fixes.  These are still missing on the 4.4 branch though:

8fa80c503b48 nospec: Move array_index_nospec() parameter checking into separate macro
1d91c1d2c80c nospec: Kill array_index_nospec_mask_check()

I think there may also be some extra uaccess functions that didn't get
the nospec treatment.

I'll probably look into backporting the microcode stuff to the older
branches (4.4, then 3.16 and 3.2) at some point.

Ben.

-- 
Ben Hutchings
Software Developer, Codethink Ltd.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ