| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZOiEvVOqwjZHzVgT@gmail.com>
Date: Fri, 25 Aug 2023 12:38:53 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>,
Babu Moger <babu.moger@....com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>, David.Kaplan@....com,
Andrew Cooper <andrew.cooper3@...rix.com>,
Nikolay Borisov <nik.borisov@...e.com>,
gregkh@...uxfoundation.org, Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH v2 00/23] SRSO fixes/cleanups
* Josh Poimboeuf <jpoimboe@...nel.org> wrote:
> v2:
> - reorder everything: fixes/functionality before cleanups
> - split up KVM patch, add Sean's changes
> - add patch to support live migration
> - remove "default:" case for enums throughout bugs.c
> - various minor tweaks based on v1 discussions with Boris
> - add Reviewed-by's
>
> Josh Poimboeuf (23):
> x86/srso: Fix srso_show_state() side effect
> x86/srso: Set CPUID feature bits independently of bug or mitigation
> status
> x86/srso: Don't probe microcode in a guest
> KVM: x86: Add IBPB_BRTYPE support
> KVM: x86: Add SBPB support
> x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
> x86/srso: Fix SBPB enablement for (possible) future fixed HW
> x86/srso: Print actual mitigation if requested mitigation isn't
> possible
> x86/srso: Print mitigation for retbleed IBPB case
> x86/srso: Fix vulnerability reporting for missing microcode
> x86/srso: Fix unret validation dependencies
> x86/alternatives: Remove faulty optimization
> x86/srso: Improve i-cache locality for alias mitigation
> x86/srso: Unexport untraining functions
> x86/srso: Remove 'pred_cmd' label
> x86/bugs: Remove default case for fully switched enums
> x86/srso: Move retbleed IBPB check into existing 'has_microcode' code
> block
> x86/srso: Remove redundant X86_FEATURE_ENTRY_IBPB check
> x86/srso: Disentangle rethunk-dependent options
> x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros
> x86/retpoline: Remove .text..__x86.return_thunk section
> x86/nospec: Refactor UNTRAIN_RET[_*]
> x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk()
>
> Documentation/admin-guide/hw-vuln/srso.rst | 22 ++-
> arch/x86/include/asm/nospec-branch.h | 69 ++++-----
> arch/x86/include/asm/processor.h | 2 -
> arch/x86/kernel/alternative.c | 8 -
> arch/x86/kernel/cpu/amd.c | 28 ++--
> arch/x86/kernel/cpu/bugs.c | 104 ++++++-------
> arch/x86/kernel/vmlinux.lds.S | 10 +-
> arch/x86/kvm/cpuid.c | 5 +-
> arch/x86/kvm/cpuid.h | 3 +-
> arch/x86/kvm/x86.c | 29 +++-
> arch/x86/lib/retpoline.S | 171 +++++++++++----------
> include/linux/objtool.h | 3 +-
> scripts/Makefile.vmlinux_o | 3 +-
> 13 files changed, 230 insertions(+), 227 deletions(-)
Thank you, this all looks very nice. I've applied your fixes to
tip:x86/bugs, with the exception of the two KVM enablement patches.
I've also cherry-picked the apply_returns() fix separately to x86/urgent,
AFAICS that's the only super-urgent fix we want to push to the final v6.5
release before the weekend, right? The other fixes look like
reporting bugs, Kconfig oddities and inefficiencies at worst. Backporters
may still pick the rest from x86/bugs too - but we are too close to the
release right now.
Thanks,
Ingo
Powered by blists - more mailing lists